AP Antenna Host Count High

for each AWAP antenna, you can set the number of hosts that would impact performance when attached to an antenna. Threshold hierarchy can be set at global, AWAP and antenna levels.

minor (yellow)

changes in wireless usage have occurred since the network was designed.

through the AWAP Advanced tab, you can review the hourly and daily mean and maximum attached host values. When the historic record indicates a rising usage trend, you may want to extend the capabilities of your wireless network.

AP Antenna Host Count High Cleared

Description

Default severity level

Typical causes

Actions

raised when the number of hosts attached to the AWAP antenna has returned to an acceptable level.

information (green)

the managed object's performance is now within the set thresholds.

none.

AP Antenna Host Count Low

Description

Default severity level

Typical causes

Actions

the number of hosts attached to the antenna has fallen below the set threshold. This can be set at the global, AWAP and antenna level. By default, the threshold is set to 0, and disabled.

minor (yellow)

changes in wireless usage have occurred since the network was designed.

check the Interface Advanced tab and review the hourly and daily mean and maximum attached host values. When the historic record indicates a falling usage trend, you may want to adjust the capabilities of your wireless network.

AP Antenna Host Count Low Cleared

Description

Default severity level

Typical causes

Actions

the number of hosts attached to the AWAP antenna has returned to an acceptable level.

information (green)

the managed object's performance is now within the set thresholds.

none.

AP Antenna Channel Change Frequency High

a high frequency of channel change indicates a transmission problem. A change in the antenna's local environment impacts its effectiveness on the current channel, causing it to switch to another channel. Practically, any appliance that operates on the same frequency level (2.4GHz) as 802.11b or 802.11g can cause interference with your wireless network.

keep cordless phones and other electrical equipment at least one meter away from the access point. You can check the AP Advanced tab to review the antenna's current physical channel number and its history.

AP Antenna Channel Change Frequency High Cleared

automatic configuration change volatility that indicated a trouble spot location has been resolved.

none.

AP Antenna Offline

Description

Default severity level

Typical causes

Actions

ENA has observed that a AP that was administratively up and operationally up, has now transitioned into the administratively up and operationally down state.

minor (yellow)

a problem has occurred on the antenna.

investigate the history of the antenna's performance.

AP Antenna Online

Description

Default severity level

Typical causes

Actions

the clearing correlation event for AP's AP Antenna Offline event.

information (green)

ENA has observed that a AP that was administratively up and operationally down, has now transitioned into the administratively up and operationally up state.

none.

AP Antenna Power Change Frequency High

Description

Default severity level

Typical causes

Actions

AP antenna power changes more frequently than the set threshold during the polling interval. By default, the frequency is set to three and enabled.

minor (yellow)

automatic configuration is set to too small an interval.

review the AP antenna power change history. Frequent changes may indicate an unstable local environment.

AP Antenna Power Change Frequency High Cleared

Description

Default severity level

Typical causes

Actions

the clearing correlation event for AP Antenna Power Change Frequency High event.

information (green)

the number of hosts attached to the antenna has returned to an acceptable level.

none.

AP Associated With Controller

Description

Default severity level

Typical causes

Actions

indicates the AP has transitioned to another wireless controller.

minor (yellow)

the wireless controller has gone down and its APs have been automatically assigned to another one. The AP has been manually reassigned.

investigate the status of the wireless controller.

AP Host Count High

Description

Default severity level

Typical causes

Actions

the combined count of hosts that are wirelessly associated with all the antennas on a AP has dropped below a selectable threshold. The threshold hierarchy will cover the global, wireless controller and AP levels, and by default will be disabled but set to 0.

minor (yellow)

changes in wireless usage have occurred since the network was designed.

check the AP Advanced tab and review the hourly and daily mean and maximum attached host values. When the historic record indicates a rising usage trend, you may want to extend the capabilities of your wireless network.

AP Host Count High Cleared

Description

Default severity level

Typical causes

Actions

the clearing correlation event for AP Host Count High event.

information (green)

the sum number of hosts attached to the AP's antennas has returned to an acceptable level.

none.

AP Not Associated With Controller

Description

Default severity level

Typical causes

Actions

indicates the AP has transitioned to another wireless controller.

minor (yellow)

the wireless controller has gone down and for load balancing reasons.

the AP has been assigned to a different controller.

investigate the status of the wireless controller.

ATM VCC High Inbound Utilization

Description

Default severity level

Typical causes

Actions

indicates the virtual channel's inbound utilization has crossed its high threshold level.

Source identifies the router, port (ifDescr) and AAL5 VPI/VI.

Impacted identifies the impacted peer router, port and AAL5 VPI/VCI. When the impacted routers are not identified, then ENA displays peer not known.

may be symptomatic of an issue elsewhere in the network. Check through other events that have recently been reported if excessively low levels of utilization persist. Generate ATM utilization reports to monitor the situation.

this problem may be symptomatic of an issue elsewhere in the network. Check through other events that have recently been reported, if excessively low levels of utilization persist. Generate ATM utilization reports to monitor the situation.

ATM VCC Low Outbound Utilization Cleared

indicates a previously low outbound utilization for the ATM VCC is now within the set thresholds.

none.

AvailMonitor Application Available

Description

Default severity level

Typical causes

Actions

ENA checks the availability of a monitored application by attempting a TCP connect every two minutes. If an application responds after previously failing to respond, ENA changes its availability state to Up.

Indicates a previous alarm has been cleared, e.g. Application Unavailable.

information (green)

application is now available.

none.

AvailMonitor Application Unavailable

Description

Default severity level

Typical causes

Actions

ENA checks the availability of a monitored application by attempting a TCP connect every two minutes. If an application fails to respond, ENA considers the Application as Down.

severe (orange)

problem with server resources causing the application to crash.

application bug.

shutdown.

heck the server for the application.

AvailMonitor Falling Average Latency

Description

Default severity level

Typical causes

Actions

indicates that the average real-time latency value for the hour has fallen short of the previous hourly value by the Falling Latency threshold set for the device. If the threshold has been changed during the preceding hour, then the most recent setting is used in the comparison. This threshold is in milliseconds.

minor (yellow)

decrease in network traffic.

investigate network resources.

AvailMonitor High Latency

Description

Default severity level

Typical causes

Actions

indicates the average real-time latency value for the hour exceeds the ICMP High Latency threshold set for the device. If the threshold has been changed during the preceding hour, then the most recent setting is used in the comparison. This threshold is in milliseconds.

severe (orange)

increase in network traffic.

investigate network resources.

AvailMonitor High Latency Reaching Application

Description

Default severity level

Typical causes

Actions

ENA checks the availability of a monitored application by attempting a TCP connect every two minutes. It also records the time taken to respond. You can set a latency threshold for each application, which by default is 3000ms. If the application response is slower than the set threshold, then ENA raises an event.

severe (orange)

insufficient application resource.

network congestion.

use the Ticker tool to check the current application port utilization. If this is high, and a historical graph of port utilization reveals that the link is highly utilized in general, then more bandwidth may be needed.

AvailMonitor High Latency Reaching Application Cleared

Description

Default severity level

Typical causes

Actions

ENA checks the availability of a monitored application by attempting a TCP connect every two minutes. It also records the time taken to respond. You can set a latency threshold for each application, which by default is 3000ms. This event indicates that an application that was responding slowly is now responding within the Latency threshold.

information (green)

reduced traffic.

none.

AvailMonitor Low View Device Reachability

Description

Default severity level

Typical causes

Actions

ENA measures device reachability by pinging a monitored device's IP management address every two minutes. ENA raises this event when the combined number of devices responding to the ICMP ping (and therefore are reachable), set to Admin Down or in an Uninitialized state is below the Device Reachability threshold for the View (as a percentage).

severe (orange)

high utilization of the area of the network where the devices within the View are located.

investigate the devices within the View. If the device reporting the event is a router, then Telnet to the router to ascertain possible causes for the outage.

AvailMonitor Normal Latency

Description

Default severity level

Typical causes

Actions

indicates that the average real-time latency value for the hour is below the High Latency threshold. If the threshold has been changed during the preceding hour, then the most recent setting is used in the comparison. This threshold is in milliseconds.

information (green)

correlated event to AvailMonitor High Latency, network latency has returned to within set boundaries.

none.

AvailMonitor Rising Average Latency

Description

Default severity level

Typical causes

Actions

indicates that the average real-time latency value for the hour is above the Rising Latency threshold. If the threshold has been changed during the preceding hour, then the most recent setting is used in the comparison. This threshold is in milliseconds.

severe (orange)

increase in network traffic.

investigate network resources.

AvailMonitor Rising Trend in Average Latency

Description

Default severity level

Typical causes

Actions

indicates that the average real-time latency value for the previous hour exceeds the trend for the same hour of the week by a value greater than the Rising Trend Latency threshold. If the threshold has been changed during the preceding hour, then the most recent setting is used in the comparison. This threshold is in milliseconds.

severe (orange)

increase in network traffic.

investigate network resources.

AWAP Host Count High

Description

Default severity level

Typical causes

Actions

for each AWAP, you can set the number of hosts that would impact performance when attached to the AWAP. This equates to the sum of the hosts that each antenna can handle. You can set the threshold hierarchy at the global and antenna levels. By default, the threshold is enabled and set to 512.

minor (yellow)

changes in wireless usage have occurred since the network was designed.

you can check the AWAP Advanced tab and review the hourly and daily mean and maximum attached host values. When the historic record indicates a rising usage trend, you may want to extend the capabilities of your wireless network.

AWAP Host Count High Cleared

Description

Default severity level

Typical causes

Actions

the number of hosts attached to the AWAP has returned to an acceptable level.

information (green)

the managed object's performance is now within the set thresholds.

none.

AWAP Host Count Low

Description

Default severity level

Typical causes

Actions

the combined count of hosts that are wirelessly associated with the AWAP has fallen below the set threshold. For all AWAPs, the default threshold is set to 0, and disabled.

minor (yellow)

changes in wireless usage have occurred since the network was designed.

you can check the AWAP Advanced tab and review the hourly and daily mean and maximum attached host values. When the historic record indicates a falling usage trend, you may want to adjust the capabilities of your wireless network.

AWAP Host Count Low Cleared

Description

Default severity level

Typical causes

Actions

the number of hosts attached to the AWAP has returned to an acceptable level.

information (green)

the managed object's performance is now within the set thresholds.

none.

Background Reachability Check Succeeded

Description

Default severity level

Typical causes

Actions

indicates a remote server that was not responding to the central server has started responding.

information (green)

a remote Entuity server that was not responding to the central server's reachability check has now responded.

none.

Background Reachability Check Failed

Description

Default severity level

Typical causes

Actions

indicates the Entuity central server check of the reachability of its remote server(s) has failed. One or more remote servers has failed to respond within the defined period.

By default, the central server polls its remote servers ever 15,000 milliseconds and allows 10,000 milliseconds to receive a response. These settings are configurable through reachabilityAuditorPollingInterval and reachabilityAuditorFutureResultsTimeout in entuity.cfg.

severe (orange)

network outage, network congestion, Entuity server overload either of the remote or central server, or the restart of the remote Entuity server, e.g. it was taken down for maintenance.

check the status of the remote Entuity server, e.g. has it been taken down for scheduled maintenance? Review other raised events, do they indicate a general networking issue?

Backplane Bus A High Utilization

Description

Default severity level

Typical causes

Actions

with some devices, this indicates a major issue when the port speed and density is higher than the available backplane capability. When backplane utilization is over 50%, it may also indicate port queuing or dropped traffic, which then leads to re-transmission and so more traffic.

There are separate backplane utilization events for Bus A, Bus B, Bus C and System Bus, against each can be set a threshold value.

Backplane Bus A High Utilization Cleared

Backplane Bus B High Utilization

Description

Default severity level

Typical causes

Actions

with some devices, this indicates a major issue when the port speed and density is higher than the available backplane capabilities. When backplane utilization is over 50% it may also indicate port queuing or dropped traffic, which then leads to re-transmission and so more traffic.

There are separate backplane utilization events for Bus A, Bus B, Bus C and System Bus, against each can be set a threshold value.

Backplane Bus B High Utilization Cleared

Backplane Bus C High Utilization

Description

Default severity level

Typical causes

Actions

with some devices, this indicates a major issue when the port speed and density is higher than the available backplane capabilities. When backplane utilization is over 50%, it may also indicate port queuing or dropped traffic, when then leads to re-transmission and so more traffic.

There are separate backplane utilization events for Bus A, Bus B, Bus C and System Bus, against each can be set a threshold value.

Backplane Bus C High Utilization Cleared

Backplane System Bus High Utilization

Description

Default severity level

Typical causes

Actions

with some devices, this indicates a major issue when the port speed and density is higher than the available backplane capabilities. When backplane utilization is over 50%, it may also indicate port queuing or dropped traffic, which then leads to re-transmission and so more traffic.

There are separate backplane utilization events for Bus A, Bus B, Bus C and System Bus against each can be set a threshold value.

BGP Peer Briefly Established

indicates that virtual links between BGP speakers are not established but bounced recently. ENA identifies a recent bounce as the peer transition count is greater than zero.

critical (red)

BGP keep-alives may be lost, so the local router terminates the connection and then successfully attempt to reestablish it. Other causes may be an unstable remote router, traffic shaping limitations.

check logs are activated on the device. Use the logs to investigate error messages.

BGP Peer Briefly Not Established

Description

Default severity level

Typical causes

Actions

indicates that virtual links between BGP are now established but bounced recently. ENA identifies a recent bounce as the up time is lower than in the previous poll.

critical (red)

BGP keep-alives may be lost, so the local router terminates the connection and then successfully attempt to reestablish it. Other causes may be an unstable remote router, traffic shaping limitations.

check logs are activated on the device. Use the logs to investigate error messages.

BGP Peer Disappeared

Description

Default severity level

Typical causes

Actions

indicates a former adjacent peer has been removed from router's configuration. Administrators should be aware of this change to be able to detect rogue configuration updates.

critical (red)

update of router configuration.

investigate the cause of router disappearance.

BGP Peer Established

Description

Default severity level

Typical causes

Actions

indicates that virtual links between BGP peer have just become well established.

minor (yellow)

BGP peer established.

none.

BGP Peer Newly Discovered

Description

Default severity level

Typical causes

Actions

indicates ENA's discovery of a new BGP peer.

minor (yellow)

configuration of a new BGP peer.

none.

BGP Peer Not Established

Description

Default severity level

Typical causes

Actions

indicates to administrators that a former adjacent peer is no longer in reach.

critical (red)

problems with IP reachability or incorrect BGP configuration.

at the router's command line interface, use the pingand show route commands to verify network connectivity to the BGP peer. You can use the show log messagescommand to look for error relating to the peer.

BladeCenter Blade +1.25V Rail High Voltage

Description

Default severity level

Typical causes

Actions

indicates that the voltage reading for the +1.25v rail has crossed the maximum voltage threshold for that rail. Detailsidentifies the rail's correct voltage, the actual voltage and the threshold voltage (by default a 5% variance from the correct voltage). Voltage readings are given in millivolts.

Event only available with the BladeCenter module.

severe (orange)

surge in BladeCenter power supply, poorly seated or malfunctioning blade.

check BladeCenter power.

Reseat blade server.

replace blade server.

Entuity recommends always consulting the BladeCenter documentation.

BladeCenter Blade +1.25V Rail High Voltage Cleared

Description

Default severity level

Typical causes

Actions

indicates a previous high voltage alarm raised against the rail has been cleared.

information (green)

previous problem with the rail voltage has been cleared.

none.

BladeCenter Blade +1.25V Rail Low Voltage

Description

Default severity level

Typical causes

Actions

indicates that the voltage reading for the +1.25v rail has crossed the minimum voltage threshold for that rail. Detailsidentifies the rail's correct voltage, the actual voltage and the threshold voltage (by default a 5% variance from the correct voltage). Voltage readings are given in millivolts.

event only available with the BladeCenter module.

severe (orange)

drop in BladeCenter power supply, poorly seated or malfunctioning blade.

check BladeCenter power.

Reseat blade server.

replace blade server.

Entuity recommends always consulting the BladeCenter documentation.

BladeCenter Blade +1.25V Rail Low Voltage Cleared

Description

Default severity level

Typical causes

Actions

indicates a previous low voltage alarm raised against the rail has been cleared.

information (green)

previous problem with the rail voltage has cleared.

none.

BladeCenter Blade +1.5V Rail High Voltage

Description

Default severity level

Typical causes

Actions

indicates that the voltage reading for the rail has crossed the maximum voltage threshold for that rail. Details identifies the rail's correct voltage, the actual voltage and the threshold voltage (by default a 5% variance from the correct voltage). Voltage readings are given in millivolts.

Event only available with the BladeCenter module.

severe (orange)

surge in BladeCenter power supply, poorly seated or malfunctioning blade.

check BladeCenter power.

Reseat blade server.

replace blade server.

Entuity recommends always consulting the BladeCenter documentation.

BladeCenter Blade +1.5V Rail High Voltage Cleared

Description

Default severity level

Typical causes

Actions

indicates a previous high voltage alarm raised against the rail has been cleared.

information (green)

previous problem with the rail voltage has been cleared.

none.

BladeCenter Blade +1.5V Rail Low Voltage

Description

Default severity level

Typical causes

Actions

indicates that the voltage reading for the rail has crossed the minimum voltage threshold for that rail. Details identifies the rail's correct voltage, the actual voltage and the threshold voltage (by default a 5% variance from the correct voltage). Voltage readings are given in millivolts.

Event only available with the BladeCenter module.

severe (orange)

a drop in BladeCenter power supply, poorly seated or malfunctioning blade.

check BladeCenter power.

Reseat blade server.

replace blade server.

Entuity recommends always consulting the BladeCenter documentation.

BladeCenter Blade +1.5V Rail Low Voltage Cleared

Description

Default severity level

Typical causes

Actions

indicates a previous low voltage alarm raised against the rail has been cleared.

information (green)

previous problem with the rail voltage has cleared.

none.

BladeCenter Blade +12V Rail High Voltage

Description

Default severity level

Typical causes

Actions

indicates that the voltage reading for the rail has crossed the maximum voltage threshold for that rail. Details identifies the rail's correct voltage, the actual voltage and the threshold voltage (by default a 5% variance from the correct voltage). Voltage readings are given in millivolts.

Event only available with the BladeCenter module.

severe (orange)

surge in BladeCenter power supply, poorly seated or malfunctioning blade.

check BladeCenter power.

Reseat blade server.

replace blade server.

Entuity recommends always consulting the BladeCenter documentation.

BladeCenter Blade +12V Rail High Voltage Cleared

Description

Default severity level

Typical causes

Actions

indicates a previous high voltage alarm raised against the rail has been cleared.

information (green)

previous problem with the rail voltage has cleared.

none.

BladeCenter Blade +12V Rail Low Voltage

Description

Default severity level

Typical causes

Actions

indicates that the voltage reading for the rail has crossed the minimum voltage threshold for that rail. Details identifies the rail's correct voltage, the actual voltage and the threshold voltage (by default a 5% variance from the correct voltage). Voltage readings are given in millivolts.

Event only available with the BladeCenter module.

severe (orange)

a drop in BladeCenter power supply, poorly seated or malfunctioning blade.

check BladeCenter power.

Reseat blade server.

replace blade server.

Entuity recommends always consulting the BladeCenter documentation.

BladeCenter Blade +12V Rail Low Voltage Cleared

Description

Default severity level

Typical causes

Actions

indicates a previous low voltage alarm raised against the rail has been cleared.

information (green)

previous problem with the rail voltage has cleared.

none.

BladeCenter Blade +2.5V Rail High Voltage

Description

Default severity level

Typical causes

Actions

indicates that the voltage reading for the rail has crossed the maximum voltage threshold for that rail. Details identifies the rail's correct voltage, the actual voltage and the threshold voltage (by default a 5% variance from the correct voltage). Voltage readings are given in millivolts.

Event only available with the BladeCenter module.

severe (orange)

surge in BladeCenter power supply, poorly seated or malfunctioning blade.

check BladeCenter power.

Reseat blade server.

replace blade server.

Entuity recommends always consulting the BladeCenter documentation.

BladeCenter Blade +2.5V Rail High Voltage Cleared

Description

Default severity level

Typical causes

Actions

indicates a previous high voltage alarm raised against the rail has been cleared.

information (green)

previous problem with the rail voltage has cleared.

none.

BladeCenter Blade +2.5V Rail Low Voltage

Description

Default severity level

Typical causes

Actions

indicates that the voltage reading for the rail has crossed the minimum voltage threshold for that rail. Details identifies the rail's correct voltage, the actual voltage and the threshold voltage (by default a 5% variance from the correct voltage). Voltage readings are given in millivolts.

Event only available with the BladeCenter module.

severe (orange)

a drop in BladeCenter power supply, poorly seated or malfunctioning blade.

check BladeCenter power.

Reseat blade server.

replace blade server.

Entuity recommends always consulting the BladeCenter documentation.

BladeCenter Blade +2.5V Rail Low Voltage Cleared

Description

Default severity level

Typical causes

Actions

indicates a previous low voltage alarm raised against the rail has been cleared.

information (green)

previous problem with the rail voltage has cleared.

none.

BladeCenter Blade +3.3V Rail High Voltage

Description

Default severity level

Typical causes

Actions

indicates that the voltage reading for the rail has crossed the maximum voltage threshold for that rail. Details identifies the rail's correct voltage, the actual voltage and the threshold voltage (by default a 5% variance from the correct voltage). Voltage readings are given in millivolts.

Event only available with the BladeCenter module.

severe (orange)

surge in BladeCenter power supply, poorly seated or malfunctioning blade.

check BladeCenter power.

Reseat blade server.

replace blade server.

Entuity recommends always consulting the BladeCenter documentation.

BladeCenter Blade +3.3V Rail High Voltage Cleared

Description

Default severity level

Typical causes

Actions

indicates a previous high voltage alarm raised against the rail has been cleared.

information (green)

previous problem with the rail voltage has cleared.

none.

BladeCenter Blade +3.3V Rail Low Voltage

Description

Default severity level

Typical causes

Actions

indicates that the voltage reading for the rail has crossed the minimum voltage threshold for that rail. Details identifies the rail's correct voltage, the actual voltage and the threshold voltage (by default a 5% variance from the correct voltage). Voltage readings are given in millivolts.

Event only available with the BladeCenter module.

severe (orange)

a drop in BladeCenter power supply, poorly seated or malfunctioning blade.

check BladeCenter power.

Reseat blade server.

replace blade server.

Entuity recommends always consulting the BladeCenter documentation.

BladeCenter Blade +3.3V Rail Low Voltage Cleared

Description

Default severity level

Typical causes

Actions

indicates a previous low voltage alarm raised against the rail has been cleared.

information (green)

previous problem with the rail voltage has cleared.

none.

BladeCenter Blade +5V Rail High Voltage

Description

Default severity level

Typical causes

Actions

indicates that the voltage reading for the rail has crossed the maximum voltage threshold for that rail. Details identifies the rail's correct voltage, the actual voltage and the threshold voltage (by default a 5% variance from the correct voltage). Voltage readings are given in millivolts.

Event only available with the BladeCenter module.

severe (orange)

surge in BladeCenter power supply, poorly seated or malfunctioning blade.

check BladeCenter power.

Reseat blade server.

replace blade server.

Entuity recommends always consulting the BladeCenter documentation.

BladeCenter Blade +5V Rail High Voltage Cleared

Description

Default severity level

Typical causes

Actions

indicates a previous high voltage alarm raised against the rail has been cleared.

information (green)

previous problem with the rail voltage has cleared.

none.

BladeCenter Blade +5V Rail Low Voltage

Description

Default severity level

Typical causes

Actions

indicates that the voltage reading for the rail has crossed the minimum voltage threshold for that rail. Details identifies the rail's correct voltage, the actual voltage and the threshold voltage (by default a 5% variance from the correct voltage). Voltage readings are given in millivolts.

Event only available with the BladeCenter module.

severe (orange)

a drop in BladeCenter power supply, poorly seated or malfunctioning blade.

check BladeCenter power.

Reseat blade server.

replace blade server.

Entuity recommends always consulting the BladeCenter documentation.

BladeCenter Blade +5V Rail Low Voltage Cleared

Description

Default severity level

Typical causes

Actions

indicates a previous low voltage alarm raised against the rail has been cleared.

information (green)

previous problem with the rail voltage has cleared.

none.

BladeCenter Blade Powered Off

Description

Default severity level

Typical causes

Actions

indicates that a blade has been switched off. This is identified through monitoring the voltage on the blade.

This event is only available with the BladeCenter module.

severe (orange)

blade switched off.

none.

BladeCenter Blade Powered On

Description

Default severity level

Typical causes

Actions

indicates that a blade has been switched on. This is identified through monitoring the voltage on the blade.

This event is only available with the BladeCenter module.

information (green)

blade switched on.

none.

BladeCenter Blower Failed

Description

Default severity level

Typical causes

Actions

indicates that a blower has failed. This is identified through monitoring the voltage on the blade. BladeCenter’s built-in redundancy allows the remaining blower to successfully cool the BladeCenter.

This event is only available with the BladeCenter module.

major (amber)

blower failure.

replace the blower. The failed blower module must be replaced within two minutes during service.

BladeCenter Blower Ok

Description

Default severity level

Typical causes

Actions

indicates that a BladeCenter blower has transitioned from a failed, or blower slow, state.

This event is only available with the BladeCenter module.

information (green)

previous problem with the blower (either slow performance or failure) has cleared.

none.

BladeCenter Blower Slow

Description

Default severity level

Typical causes

Actions

indicates that a blower is running at less than twenty percent (default threshold) of its maximum rotational speed. BladeCenter blowers usually operate at thirty percent or above of their maximum rotational speed, the exact speed depending upon the ambient temperature.

This event is only available with the BladeCenter module.

minor (yellow)

blower engine failure.

replace the blower.

BladeCenter Chassis +1.8V Rail High Voltage

Description

Default severity level

Typical causes

Actions

indicates that the voltage reading for the +1.8v rail has crossed the maximum voltage threshold for that rail. Details identifies the rail’s correct voltage, the actual voltage and the threshold voltage (by default a 5% variance from the correct voltage). Voltage readings are given in millivolts.

This event is only available with the BladeCenter module.

severe (orange)

surge in BladeCenter power supply.

poorly seated or malfunctioning blade.

check BladeCenter power.

reseat blade server.

replace blade server.

Entuity recommends always consulting the BladeCenter documentation.

BladeCenter Chassis +1.8V Rail High Voltage Cleared

Description

Default severity level

Typical causes

Actions

indicates a previous high voltage alarm raised against the +1.8v rail has been cleared.

information (green)

previous problem with the rail voltage has cleared.

none.

BladeCenter Chassis +1.8V Rail Low Voltage

Description

Default severity level

Typical causes

Actions

indicates that the voltage reading for the +1.8v rail has crossed the maximum voltage threshold for that rail. Details identifies the rail’s correct voltage, the actual voltage and the threshold voltage (by default a 5% variance from the correct voltage). Voltage readings are given in millivolts.

This event is only available with the BladeCenter module.

severe (orange)

drop in BladeCenter power supply.

poorly seated or malfunctioning blade.

check BladeCenter power.

reseat blade server.

replace blade server.

Entuity recommends always consulting the BladeCenter documentation.

BladeCenter Chassis +1.8V Rail Low Voltage Cleared

Description

Default severity level

Typical causes

Actions

indicates a previous low voltage alarm raised against the +1.8v rail has been cleared.

information (green)

previous problem with the rail voltage has cleared.

none.

BladeCenter Chassis +12V Rail High Voltage

Description

Default severity level

Typical causes

Actions

indicates that the voltage reading for the +12v rail has crossed the maximum voltage threshold for that rail. Details identifies the rail’s correct voltage, the actual voltage and the threshold voltage (by default a 5% variance from the correct voltage). Voltage readings are given in millivolts.

This event is only available with the BladeCenter module.

severe (orange)

surge in BladeCenter power supply.

poorly seated or malfunctioning blade.

check BladeCenter power.

reseat blade server.

replace blade server.

Entuity recommends always consulting the BladeCenter documentation.

BladeCenter Chassis +12V Rail High Voltage Cleared

Description

Default severity level

Typical causes

Actions

indicates a previous high voltage alarm raised against the +12v rail has been cleared.

information (green)

previous problem with the rail voltage has cleared.

none.

BladeCenter Chassis +12V Rail Low Voltage

Description

Default severity level

Typical causes

Actions

indicates that the voltage reading for the +12v rail has crossed the minimum voltage threshold for that rail. Details identifies the rail’s correct voltage, the actual voltage and the threshold voltage (by default a 5% variance from the correct voltage). Voltage readings are given in millivolts.

This event is only available with the BladeCenter module.

severe (orange)

drop in BladeCenter power supply.

poorly seated or malfunctioning blade.

check BladeCenter power.

reseat blade server.

replace blade server.

Entuity recommends always consulting the BladeCenter documentation.

BladeCenter Chassis +12V Rail Low Voltage Cleared

Description

Default severity level

Typical causes

Actions

indicates a previous low voltage alarm raised against the +12v rail has been cleared.

information (green)

previous problem with the rail voltage has cleared.

none.

BladeCenter Chassis +2.5V Rail High Voltage

Description

Default severity level

Typical causes

Actions

indicates that the voltage reading for the +2.5v rail has crossed the maximum voltage threshold for that rail. Details identifies the rail’s correct voltage, the actual voltage and the threshold voltage (by default a 5% variance from the correct voltage). Voltage readings are given in millivolts.

This event is only available with the BladeCenter module.

severe (orange)

surge in BladeCenter power supply.

poorly seated or malfunctioning blade.

check BladeCenter power.

reseat blade server.

replace blade server.

Entuity recommends always consulting the BladeCenter documentation.

BladeCenter Chassis +2.5V Rail High Voltage Cleared

Description

Default severity level

Typical causes

Actions

indicates a previous high voltage alarm raised against the +2.5v rail has been cleared.

information (green)

previous problem with the rail voltage has cleared.

none.

BladeCenter Chassis +2.5V Rail Low Voltage

Description

Default severity level

Typical causes

Actions

indicates that the voltage reading for the +2.5v rail has crossed the minimum voltage threshold for that rail. Details identifies the rail’s correct voltage, the actual voltage and the threshold voltage (by default a 5% variance from the correct voltage). Voltage readings are given in millivolts.

This event is only available with the BladeCenter module.

severe (orange)

drop in BladeCenter power supply.

poorly seated or malfunctioning blade.

check BladeCenter power.

reseat blade server.

replace blade server.

Entuity recommends always consulting the BladeCenter documentation.

BladeCenter Chassis +2.5 Rail Low Voltage Cleared

Description

Default severity level

Typical causes

Actions

ndicates a previous low voltage alarm raised against the +2.5v rail has been cleared.

information (green)

previous problem with the rail voltage has cleared.

none.

BladeCenter Chassis +3.3V Rail High Voltage

Description

Default severity level

Typical causes

Actions

indicates that the voltage reading for the +3.3v rail has crossed the maximum voltage threshold for that rail. Details identifies the rail’s correct voltage, the actual voltage and the threshold voltage (by default a 5% variance from the correct voltage). Voltage readings are given in millivolts.

This event is only available with the BladeCenter module.

severe (orange)

surge in BladeCenter power supply.

poorly seated or malfunctioning blade.

check BladeCenter power.

reseat blade server.

replace blade server.

Entuity recommends always consulting the BladeCenter documentation.

BladeCenter Chassis +3.3V Rail High Voltage Cleared

Description

Default severity level

Typical causes

Actions

ndicates a previous high voltage alarm raised against the +3.3v rail has been cleared.

information (green)

previous problem with the rail voltage has cleared.

none.

BladeCenter Chassis +3.3V Rail Low Voltage

Description

Default severity level

Typical causes

Actions

indicates that the voltage reading for the +3.3v rail has crossed the minimum voltage threshold for that rail. Details identifies the rail’s correct voltage, the actual voltage and the threshold voltage (by default a 5% variance from the correct voltage). Voltage readings are given in millivolts.

This event is only available with the BladeCenter module.

severe (orange)

drop in BladeCenter power supply.

poorly seated or malfunctioning blade.

check BladeCenter power.

reseat blade server.

replace blade server.

Entuity recommends always consulting the BladeCenter documentation.

BladeCenter Chassis +3.3V Rail Low Voltage Cleared

Description

Default severity level

Typical causes

Actions

indicates a previous low voltage alarm raised against the +3.3v rail has been cleared.

information (green)

previous problem with the rail voltage has cleared.

none.

BladeCenter Chassis +5V Rail High Voltage

Description

Default severity level

Typical causes

Actions

indicates that the voltage reading for the +5v rail has crossed the maximum voltage threshold for that rail. Details identifies the rail’s correct voltage, the actual voltage and the threshold voltage (by default a 5% variance from the correct voltage). Voltage readings are given in millivolts.

This event is only available with the BladeCenter module.

severe (orange)

surge in BladeCenter power supply.

poorly seated or malfunctioning blade.

check BladeCenter power.

reseat blade server.

replace blade server.

Entuity recommends always consulting the BladeCenter documentation.

BladeCenter Chassis +5V Rail High Voltage Cleared

Description

Default severity level

Typical causes

Actions

indicates a previous high voltage alarm raised against the +5v rail has been cleared.

information (green)

previous problem with the rail voltage has cleared.

none.

BladeCenter Chassis +5V Rail Low Voltage

Description

Default severity level

Typical causes

Actions

indicates that the voltage reading for the +5v rail has crossed the minimum voltage threshold for that rail. Details identifies the rail’s correct voltage, the actual voltage and the threshold voltage (by default a 5% variance from the correct voltage). Voltage readings are given in millivolts.

This event is only available with the BladeCenter module.

severe (orange)

drop in BladeCenter power supply.

poorly seated or malfunctioning blade.

check BladeCenter power.

reseat blade server.

replace blade server.

Entuity recommends always consulting the BladeCenter documentation.

BladeCenter Chassis +5V Rail Low Voltage Cleared

Description

Default severity level

Typical causes

Actions

indicates a previous low voltage alarm raised against the +5v rail has been cleared.

information (green)

previous problem with the rail voltage has cleared.

none

BladeCenter Chassis -5V Rail High Voltage

Description

Default severity level

Typical causes

Actions

indicates that the voltage reading for the -5v rail has crossed the maximum voltage threshold for that rail. Details identifies the rail’s correct voltage, the actual voltage and the threshold voltage (by default a 5% variance from the correct voltage). Voltage readings are given in millivolts.

This event is only available with the BladeCenter module.

severe (orange)

surge in BladeCenter power supply.

poorly seated or malfunctioning blade.

check BladeCenter power.

reseat blade server.

replace blade server.

Entuity recommends always consulting the BladeCenter documentation.

BladeCenter Chassis -5V Rail High Voltage Cleared

Description

Default severity level

Typical causes

Actions

ndicates a previous high voltage alarm raised against the -5v rail has been cleared.

information (green)

previous problem with the rail voltage has cleared.

none.

BladeCenter Chassis -5V Rail Low Voltage

Description

Default severity level

Typical causes

Actions

indicates that the voltage reading for the -5v rail has crossed the minimum voltage threshold for that rail. Details identifies the rail’s correct voltage, the actual voltage and the threshold voltage (by default a 5% variance from the correct voltage). Voltage readings are given in millivolts.

This event is only available with the BladeCenter module.

severe (orange)

drop in BladeCenter power supply.

poorly seated or malfunctioning blade.

check BladeCenter power.

reseat blade server.

replace blade server.

Entuity recommends always consulting the BladeCenter documentation.

BladeCenter Chassis -5V Rail Low Voltage Cleared

Description

Default severity level

Typical causes

Actions

indicates a previous low voltage alarm raised against the -5v rail has been cleared.

information (green)

previous problem with the rail voltage has cleared.

none.

BladeCenter CPU1 High Temperature

Description

Default severity level

Typical causes

Actions

indicates that the temperature reading for the CPU has crossed the maximum threshold for that CPU. Details identifies the actual temperature and the temperature threshold. Temperature readings are given in degrees Celsius.

This event is only available with the BladeCenter module.

severe (orange)

rise in the ambient temperature.

blower failure.

missing components (e.g. a blade) that impact the cooling of the BladeCenter.

ensure the BladeCenter is properly cooled.

check blower performance.

check ambient temperature.

check missing components.

BladeCenter CPU1 High Temperature Cleared

Description

Default severity level

Typical causes

Actions

indicates a previous high temperature alarm raised against the CPU has been cleared.

information (green)

previous problem with the CPU temperature has cleared.

none.

BladeCenter CPU2 High Temperature

Description

Default severity level

Typical causes

Actions

indicates that the temperature reading for the CPU has crossed the maximum threshold for that CPU. Details identifies the actual temperature and the temperature threshold. Temperature readings are given in degrees Celsius.

This event is only available with the BladeCenter module.

severe (orange)

rise in the ambient temperature.

blower failure.

missing components (e.g. a blade) that impact the cooling of the BladeCenter.

ensure the BladeCenter is properly cooled.

check blower performance.

check ambient temperature.

check missing components.

BladeCenter CPU2 High Temperature Cleared

Description

Default severity level

Typical causes

Actions

indicates a previous high temperature alarm raised against the CPU has been cleared.

information (green)

previous problem with the CPU temperature has cleared.

none.

BladeCenter DASD1 High Temperature

Description

Default severity level

Typical causes

Actions

indicates that the temperature reading for the DASD1 has crossed the maximum threshold for that DASD1. Details identifies the actual temperature and the temperature threshold. Temperature readings are given in degrees Celsius.

This event is only available with the BladeCenter module.

severe (orange)

rise in the ambient temperature.

blower failure.

missing components (e.g. a blade) that impact the cooling of the BladeCenter.

ensure the BladeCenter is properly cooled.

check blower performance.

check ambient temperature.

check missing components.

BladeCenter DASD1 High Temperature Cleared

Description

Default severity level

Typical causes

Actions

indicates a previous high temperature alarm raised against the DASD1 has been cleared.

information (green)

previous problem with the DASD1 temperature has cleared.

none.

BladeCenter Front Panel High Temperature

Description

Default severity level

Typical causes

Actions

indicates that the temperature reading for the Front Panel has crossed the maximum threshold for that Front Panel. Details identifies the actual temperature and the temperature threshold. Temperature readings are given in degrees Celsius.

This event is only available with the BladeCenter module.

severe (orange)

rise in the ambient temperature.

blower failure.

missing components (e.g. a blade) that impact the cooling of the BladeCenter.

ensure the BladeCenter is properly cooled.

check blower performance.

check ambient temperature.

check missing components.

BladeCenter Front Panel High Temperature Cleared

Description

Default severity level

Typical causes

Actions

indicates a previous high temperature alarm raised against the Front Panel has been cleared.

information (green)

previous problem with the Front Panel temperature has cleared.

none.

BladeCenter Management Module High Temperature

Description

Default severity level

Typical causes

Actions

indicates that the temperature reading for the management module has crossed the maximum threshold for that management module. Details identifies the actual temperature and the temperature threshold. Temperature readings are given in degrees Celsius.

This event is only available with the BladeCenter module.

severe (orange)

rise in the ambient temperature.

blower failure.

missing components (e.g. a blade) that impact the cooling of the BladeCenter.

ensure the BladeCenter is properly cooled.

check blower performance.

check ambient temperature.

check missing components.

BladeCenter Management Module High Temperature Cleared

Description

Default severity level

Typical causes

Actions

indicates a previous high temperature alarm raised against the management module has been cleared.

information (green)

previous problem with the management module temperature has cleared.

none.

Chassis Fan Major Fault

Description

Default severity level

Typical causes

Actions

indicates that a device has a major fan hardware problem.

severe (orange)

faulty fan hardware.

faulty environmental card.

faulty supervisor card.

telnet to the device and check the system settings for an indication of what the problem is. A hardware swap out may need to be scheduled depending on the type of problem.

Chassis Fan Minor Fault

Description

Default severity level

Typical causes

Actions

indicates that a device has a minor fan hardware problem.

major (amber)

faulty fan hardware.

faulty environmental card.

faulty supervisor card.

telnet to the device and check the system settings for an indication of what the problem is. A hardware swap out may need to be scheduled depending on the type of problem.

Chassis Fan OK

Description

Default severity level

Typical causes

Actions

indicates that a previous fan fault for a device has been cleared.

information (green)

faulty firmware has been swapped out.

none.

Chassis Fan Status Unknown

Description

Default severity level

Typical causes

Actions

indicates the status of the fan is not reportable or is unknown.

minor (yellow)

status of the fan is not reportable.

status of the fan is unknown.

telnet to the device and check the system settings for an indication of what the problem is. A hardware swap out may need to be scheduled depending on the type of problem.

Chassis Major Alarm

Description

Default severity level

Typical causes

Actions

indicates that a device is reporting a major hardware or firmware problem which is causing or may cause the device to fail.

critical (red)

power supply problems.

fan failures.

temperature alarms.

module faults.

telnet to the device and check the system settings for an indication of what the problem is. A hardware swap out may need to be scheduled depending on the type of problem.

Chassis Major Alarm Cleared

Description

Default severity level

Typical causes

Actions

indicates a previous alarm has been cleared.

information (green)

the original cause of the alarm (e.g. power supply problems, fan failures, temperature alarms, module faults) has been corrected.

none.

Chassis Minor Alarm

Description

Default severity level

Typical causes

Actions

indicates that a device is reporting a major hardware or firmware problem which is causing or may cause the device to fail.

severe (orange)

power supply problems.

fan failures.

temperature alarms.

module faults.

telnet to the device and check the system settings for an indication of what the problem is. A hardware swap out may need to be scheduled depending on the type of problem.

Chassis Minor Alarm Cleared

Description

Default severity level

Typical causes

Actions

indicates a previous alarm has been cleared.

information (green)

the original cause of the alarm (e.g. power supply problems, fan failures, temperature alarms, module faults) has been corrected.

none.

Chassis Temperature Alarm

Description

Default severity level

Typical causes

Actions

indicates that a device has measured a significant increase in ambient temperature.

major (amber)

faulty fan hardware.

faulty environmental card.

comms room problems.

telnet to the device and check the system settings for an indication of what the problem is. A hardware swap out may need to be scheduled depending on the type of problem.

Chassis Temperature Alarm Cleared

Description

Default severity level

Typical causes

Actions

indicates that a device temperature problem is resolved.

information (green)

hardware swap out that has resolved a previous problem.

none.

Chassis Temperature Critical Alarm

Description

Default severity level

Typical causes

Actions

indicates that a device has measured a potentially fatal increase in ambient temperature.

critical (red)

faulty fan hardware.

faulty environmental card.

comms room problems.

telnet to the device and check the system settings for an indication of what the problem is. A hardware swap out may need to be scheduled depending on the type of problem.

CM Configuration Includes Policy Excursion

Description

Default severity level

Typical causes

Actions

indicates ENA Configuration Monitor has identified a device configuration which includes a setting that violates good practice.

minor (yellow)

poorly or wrongly defined device configuration.

ENA raises an event for each policy violation. In the Open view mode of the Events dashlet, these events are collapsed into one row, with # identifying the number of events. View the events in History mode to view the specific policy violation in the event’s Details.

Correct the configuration on the device or amended your policy mandated statements file.

CM Configuration Missing Policy Mandated Statement

Description

Default severity level

Typical causes

Actions

indicates ENA Configuration Monitor has identified that the device configuration does not include a setting required for the device to be configured according to good practice.

minor (yellow)

poorly or wrongly defined device configuration

ENA raises an event for each policy violation. In the Open view mode of the Events dashlet, these events are collapsed into one row, with # identifying the number of events. View the events in History mode to view the specific policy violation in the event’s Details.

Correct the configuration on the device or amended your policy mandated statements file.

CM Firmware Version Changed

Description

Default severity level

Typical causes

Actions

indicates ENA has identified a change in the device firmware configuration. ENA raises this event and also retrieves the device configuration.

minor (yellow)

this would usually be an authorized change in the device firmware. However, an unauthorized change may indicate a security issue.

Configuration Monitor initiates a retrieval of device configuration, which you can view in the archive directory

CM Previously Unsaved Configuration Saved

Description

Default severity level

Typical causes

Actions

indicates the current running and startup device configuration files are now the same.

information (green)

a device configuration that was previously identified as not being saved, has now been saved.

none.

CM Running Configuration Changed

Description

Default severity level

Typical causes

Actions

indicates ENA Configuration Monitor has retrieved a device running configuration that is significantly different from the previous running configuration retrieved from that device. This new configuration is stored, making it the new last-seen running-configuration. This event expires in 24 hours.

severe (orange)

a known configuration change to the device.

from the event's Context menu, you can compare the most recent running configurations. You can also compare configurations through the device's web UI Device Configurations dashlet.

CM Running Configuration Retrieval Failed

Description

Default severity level

Typical causes

Actions

indicates ENA Configuration Monitor attempted, but failed, to retrieve device running configuration. Details describes the failure to retrieve the configuration and identifies the device (either by resolved name or IP address) .This event ages out after 24 hours.

minor (yellow)

if this event is raised against all devices with configuration retrieval enabled, it suggests a system-wide problem. e.g:

the transport server is not running.

the transfer and archive folders do not exist or permission to write to them is denied.

if this event is raised against many devices with configuration retrieval enabled, it suggests a localized issue. e.g.:

those devices share the same credential set, the definition of which is no longer valid.

if this event is raised against one device, then it may be an issue specific to the device, e.g. the device is down, although if you have initiated a manual retrieval, it may be a more widespread issue that is yet to show itself.

check for other events raised against the device, for example Network Outage, to identify whether retrieval failure is a symptom of a more widespread problem or whether it is the real issue.

identify if this event is raised against one or more devices:

when the event is raised against many devices:

check the transfer servers. Although ENA Configuration Monitor is configured to work with the specified FTP, TFTP, SCP and RCP servers, it does not check that a required server is running when attempting a retrieval. If the server is not running, the retrieval will fail.

if this event is raised against one device, then it may be an issue specific to the device, e.g. the device is down. although, if you have initiated a manual retrieval, it may be a more widespread issue that is yet to show itself.

to assist your investigation, you may want to activate debug mode and then re-run configuration retrieval. The additional information assists in identifying where the failure in configuration retrieval occurs.

CM Startup Configuration Changed

Description

Default severity level

Typical causes

Actions

indicates ENA Configuration Monitor has retrieved a device startup configuration that is significantly different from the previous startup configuration retrieved from that device. This new configuration is stored, making it the new last-seen startup-configuration. This event ages out in twenty-four hours.

CM Startup Configuration Retrieval Failed

Description

Default severity level

Typical causes

Actions

indicates ENA Configuration Monitor attempted, but failed, to retrieve device running configuration. Details describes the failure to retrieve the configuration and identifies the device, either by resolved name or IP address.This event ages out after 24 hours

minor (yellow)

if this event is raised against all devices with configuration retrieval enabled, it suggests a system-wide problem. e.g:

the transport server is not running.

the transfer and archive folders do not exist or permission to write to them is denied.

if this event is raised against many devices with configuration retrieval enabled, it suggests a localized issue. e.g.:

those devices share the same credential set, the definition of which is no longer valid.

if this event is raised against one device, then it may be an issue specific to the device, e.g. the device is down, although if you have initiated a manual retrieval, it may be a more widespread issue that is yet to show itself.

raised against the device, for example Network Outage, to identify whether retrieval failure is a symptom of a more widespread problem or whether it is the real issue.

identify if this event is raised against one or more devices:

when the event is raised against many devices:

check the transfer servers. Although ENA Configuration Monitor is configured to work with the specified FTP, TFTP, SCP and RCP servers, it does not check that a required server is running when attempting a retrieval. If the server is not running, the retrieval will fail.

if this event is raised against one device, then it may be an issue specific to the device, e.g. the device is down. although, if you have initiated a manual retrieval, it may be a more widespread issue that is yet to show itself.

to assist your investigation, you may want to activate debug mode and then re-run configuration retrieval. The additional information assists in identifying where the failure in configuration retrieval occurs.

CM Unsaved Configuration

Description

Default severity level

Typical causes

Actions

indicates ENA Configuration Monitor has retrieved, and compared, the current running and startup device configuration files. Entuity Configuration Monitor has found a significant difference between the two, which indicates an unsaved configuration change.

Config Mgmt Job Failed

Description

Default severity level

Typical causes

Actions

indicates one or more of the sub-jobs associated with the identified job failed. This event can be disabled for all jobs derived from the task through the task’s administration Advanced page and the Raise Event on Completion check box.

severe (orange)

the event details includes information on the cause of the job failure, e.g.:

validation failure.

user credential failure.

timeout of a sub-job.

investigate the task history.

Config Mgmt Job Succeeded

Description

Default severity level

Typical causes

Actions

indicates the identified job successfully completed and therefore all of its sub-jobs successfully completed. This event can be disabled for all jobs derived from the task through the task’s administration Advanced page and the Raise Event on Completion check box.

information (green)

successful completion of job.

none.

CUCM CPU High Utilization

Description

Default severity level

Typical causes

Actions

indicates a process on the Cisco Unified Communications Manager server has high CPU utilization.

severe (orange)

high Cisco Unified Communications Manager CPU utilization due to interrupts, or a particular process using a lot of CPU resources. Each device type registered with the Cisco Unified Communications Manager has a weight, this weight should match the Cisco Unified Communications Manager server specification. Problems may occur when this is not the case.

use Flex Reports to create a Cisco Unified Communications Manager CPU Report, for example one that runs every hour to monitor CPU utilization.

CUCM CPU High Utilization Cleared

Description

Default severity level

Typical causes

Actions

indicates a previous alarm has been cleared.

information (green)

previous problem with the CPU utilization has cleared.

none.

CUCM CTI Device Not Registered

Description

Default severity level

Typical causes

Actions

indicates the CTI device has not registered to the Cisco Unified Communications Manager.

critical (red)

Cisco Unified Communications Manager or the CTI Manager may have failed.

check the event Details. This indicates the particular cause of the event.

incomplete registration may indicate a device is re-homing in the middle of registration.

the alarm could also indicate a device misconfiguration, database error, or an illegal/unknown device trying to attempt a connection.

for a Cisco Unified Communications Manager or CTI Manager failure, the device attempts to re-register with the back up Cisco Unified Communications Manager or CTI Manager. Entuity raises a successful device registration event. Check the Cisco Unified Communications Manager and CTI Manager for failures.

if multiple device types are failing to register with the Cisco Unified Communications Manager, check the Cisco Unified Communications Manager server has sufficient available CPU and memory resources to support additional devices.

ENA monitors Cisco Unified Communications Manager CPU and Memory performance, raising events when high utilization thresholds are crossed. Also run a Flex Report on these metrics.

Check IP visibility from Cisco Unified Communications Manager to the gatekeeper. 2) Check gatekeeper status and verify that the gatekeeper state is up. 3) When there is a zone subnet defined on the gatekeeper, verify that the subnet of the gateway is in the allowed subnets.

CUCM Gatekeeper Registered

Description

Default severity level

Typical causes

Actions

indicates the gatekeeper has successfully registered to the Cisco Unified Communications Manager.

information (green)

successful gatekeeper registrations.

none.

CUCM Gateway Not Registered

Description

Default severity level

Typical causes

Actions

gateway registration may fail for a number of reasons.

critical (red)

gateway registration may fail for a number of reasons, e.g. gateway software failure.

check that the gateway is up and running. All gateways have a heartbeat LED that blinks one second on and one second off when the gateway software is running normally. After a registration failure the gateway attempts to recover, which alters the LED blink pattern. If the gateway fails to recover consult the gateway documentation.

CUCM Gateway Registered

Description

Default severity level

Typical causes

Actions

indicates the gateway has successfully registered to the Cisco Unified Communications Manager.

information (green)

successful gateway registration

none.

CUCM H.323 Device Not Registered

Description

Default severity level

Typical causes

Actions

H.323 Gateway device registration may fail for a number of reasons.

critical (redO

H.323 Gateway device registration may fail for a number of reasons, e.g. gateway software failure.

check that the gateway is up and running. All gateways have a heartbeat LED that blinks one second on and one second off when the gateway software is running normally. After a registration failure the gateway attempts to recover, which alters the LED blink pattern. If the gateway fails to recover consult the gateway documentation.

CUCM H.323 Device Registered

Description

Default severity level

Typical causes

Actions

indicates the H.323 device has successfully registered to the CUCM.

information (green)

successful H.323 device registration.

none.

CUCM Media Device Not Registered

Description

Default severity level

Typical causes

Actions

indicates the media device has not registered to the Cisco Unified Communications Manager.

critical (red)

Cisco Unified Communications Manager may have failed or not recognized the device type.

check the event Details. This indicates the particular cause of the event.

incomplete registration may indicate a device is re-homing in the middle of registration.

the alarm could also indicate a device misconfiguration, database error, or an illegal/unknown device trying to attempt a connection.

for a Cisco Unified Communications Manager or CTI Manager failure, the device attempts to re-register with the back up Cisco Unified Communications Manager or CTI Manager. Entuity raises a successful device registration event. Check the Cisco Unified Communications Manager and CTI Manager for failures.

if multiple device types are failing to register with the Cisco Unified Communications Manager, check the Cisco Unified Communications Manager server has sufficient available CPU and memory resources to support additional devices.

ENA monitors Cisco Unified Communications Manager CPU and Memory performance, raising events when high utilization thresholds are crossed. Also run a Flex Report on these metrics.

CUCM Media Device Registered

CUCM Phone Not Registered

indicates the phone has not registered to the Cisco Unified Communications Manager.

critical (red)

Cisco Unified Communications Manager may have failed. Automatic phone registration may be turned off (default state). The Cisco Unified Communications Manager may have insufficient resources to handle additional devices.

check the event Details. This indicates the particular cause of the event.

incomplete registration may indicate a device is re-homing in the middle of registration.

the alarm could also indicate a device misconfiguration, database error, or an illegal/unknown device trying to attempt a connection.

for a Cisco Unified Communications Manager or CTI Manager failure, the device attempts to re-register with the back up Cisco Unified Communications Manager or CTI Manager. Entuity raises a successful device registration event. Check the Cisco Unified Communications Manager and CTI Manager for failures.

if multiple device types are failing to register with the Cisco Unified Communications Manager, check the Cisco Unified Communications Manager server has sufficient available CPU and memory resources to support additional devices.

ENA monitors Cisco Unified Communications Manager CPU and Memory performance, raising events when high utilization thresholds are crossed. Also run a Flex Report on these metrics.

CUCM Process Memory High Utilization

high CUCM process memory utilization due to interrupts, or a particular process using a lot of memory resources. Each device type registered with the Cisco Unified Communications Manager has a weight, this weight should match the Cisco Unified Communications Manager server specification. Problems may occur when this is not the case.

CUCM Process Memory High Utilization Cleared

CUCM Voicemail Device Not Registered

Description

Default severity level

Typical causes

Actions

indicates the voicemail device has not registered to the CUCM.

critical (red)

Cisco Unified Communications Manager may have failed or not recognized the device type. Alternatively, the Cisco Unified Communications Manager may have insufficient resources to handle additional devices.

check the event Details. This indicates the particular cause of the event.

incomplete registration may indicate a device is re-homing in the middle of registration.

the alarm could also indicate a device misconfiguration, database error, or an illegal/unknown device trying to attempt a connection.

for a Cisco Unified Communications Manager or CTI Manager failure, the device attempts to re-register with the back up Cisco Unified Communications Manager or CTI Manager. Entuity raises a successful device registration event. Check the Cisco Unified Communications Manager and CTI Manager for failures.

if multiple device types are failing to register with the Cisco Unified Communications Manager, check the Cisco Unified Communications Manager server has sufficient available CPU and memory resources to support additional devices.

ENA monitors Cisco Unified Communications Manager CPU and Memory performance, raising events when high utilization thresholds are crossed. Also run a Flex Report on these metrics.

Device Average CPU Utilization Cleared

ndicates that processor utilization on the device, as an average of all the device’s processor utilization, is no longer higher than the set threshold.

information (green)

reduced usage.

none.

Device Average Memory Usage Critical

Description

Default severity level

Typical causes

Actions

indicates the device has a high level of usage resulting in a critically low level of available memory. Entuity combines all memory resources on the device, calculates the assigned resource and then raises the event when that resource is greater than the set threshold, by default 90%.

severe (orange)

low memory may be caused through a combination of factors:

memory leak that has consumed a large amount of memory.

network instability pushing thefree memory to zero.

device does not have enough memory to begin with but the problem is discovered only during a rare network event.

use the managed host function to view current and historic levels of memory

Device Average Memory Usage High

Description

Default severity level

Typical causes

Actions

indicates the device has low memory. ENA combines all memory resources on the device, calculates the assigned resource and then raises the event when that resource is greater than the set threshold, by default 80%.

severe (orange)

low memory may be caused by a combination of factors, eg.:

memory leak consuming a large amount of memory.

network instability pushing free memory to zero.

device does not have enough memory to start with, but the problem is only discovered during a rare network event.

use the managed host function to view current and historic levels of memory.

Device Average Memory Usage Cleared

Description

Default severity level

Typical causes

Actions

indicates the device is no longer suffering from low memory.

information (green)

reduced usage.

none.

Device Clock Inconsistency

Description

Default severity level

Typical causes

Actions

poll samples for the device have been discarded, because a discrepancy that is too great between the sample interval according to device sysUpTime, and the sample interval according to ENA's clock.

minor (yellow)

slow running network.

misconfigured device clock.

does not necessarily indicate a network problem. Tolerance values for this event may be adjusted via settings in entuity.cfg.

Device Cold Reboot

Description

Default severity level

Typical causes

Actions

indicates that a device has been rebooted or reset. This event is detected by the generation of an SNMP trap on the device.

severe (orange)

device configuration changes.

hardware/software/firmware faults.

lack of memory on the device.

power failures.

telnet to the device and check the system logs for an indication of what caused the device to reboot.

Device Fan Failure

Description

Default severity level

Typical causes

Actions

indicates the failure of a fan on the device.

critical (red)

fan failure on the device.

the event includes the identifier of the failed fan, which you can use when investigating the failure and to locate it if you have to replace the fan.

Device Fan Failure Cleared

Description

Default severity level

Typical causes

Actions

indicates a fan that had failed on the device is once again working.

information (green)

fan may have restarted or may have been replaced with a new fan.

none.

Device High Active Sessions

Description

Default severity level

Typical causes

Actions

indicates the number of active sessions is greater than the set threshold, by default 1000.

warning (amber)

highest number of active sessions is greater than the set threshold when the device is polled.

investigate the session history of the device.

Device High Active Sessions Cleared

Description

Default severity level

Typical causes

Actions

indicates the number of active sessions was greater than the set threshold, by default 1000, but has now transitioned below the set boundary.

information (green)

number of sessions is below the set threshold.

none.

Device High Authenticated Response Time

Description

Default severity level

Typical causes

Actions

data for this event is retrieved through custom scripts. Contact Entuity Technical Services for details.

warning (amber)

authentication response time is greater than the set threshold.

investigate the authentication history of the device.

Device High External URL Response Time Cleared

Description

Default severity level

Typical causes

Actions

data for this event is retrieved through custom scripts. Contact Entuity Technical Services for details.

information (green)

external URL response time was greater than the set threshold, but has now transitioned below the set boundary.

none.

Device High Messages Received

Description

Default severity level

Typical causes

Actions

indicates the number of message received is greater than the set threshold, by default 1000.

warning (amber)

a large number of messages have been sent to this device.

investigate the history of the device.

Device High Messages Received Cleared

Description

Default severity level

Typical causes

Actions

indicates the number of message received was greater than the set threshold, by default 1000, but has now transitioned below the set boundary.

information (green)

reduction in the number of messages.

none.

Device Low Disk Space

Description

Default severity level

Typical causes

Actions

indicates the device has low disk space.

severe (orange)

cause of low disk space depends on the device, e.g. firewalls can generate large log files.

use the managed host function to view current and historic levels of disk space.

Device Low Disk Space Cleared

Description

Default severity level

Typical causes

Actions

indicates the device is no longer suffering from low disk space.

information (green)

reduced usage.

none.

Device Name Resolution Failure

Description

Default severity level

Typical causes

Actions

indicates ENA poller could reach the device using its IP address, but not resolve its device host name.

minor (yellow)

a corruption or incorrect entry in the hosts file.

an incorrect configuration of the Domain Name System server.

investigate domain name resolution. The exact steps depend upon your operating system and the Domain Name System configuration.

Device Name Resolution Failure Cleared

Description

Default severity level

Typical causes

Actions

indicates ENA can resolve the device hostname.

information (green)

correction of previous DNS problem.

none.

Device Port(s) Utilization Accuracy Lost

Description

Default severity level

Typical causes

Actions

ENA eyepoller counter wrap margin allows ENA to identify devices for which it may miss counter wraps. This event indicates that the traffic rate is being polled from 32 bit counters and that the combination of the poll rate and linespeed make the resulting measurement susceptible to inaccuracy and the polled data is therefore discarded.

major (amber)

this event may be triggered if poll operations take longer, for example as a result of SNMP timeouts. Otherwise this event may suggest that the polling load is beyond ENA's capacity, in which case the problem is with ENA, not with the network.

check the device for polling problems.

check the ENA server load.

Device Port(s) Utilization Accuracy at Risk

Description

Default severity level

Typical causes

Actions

ENA eyepoller counter wrap margin allows ENA to identify devices for which it may miss counter wraps. This event indicates that a device was in danger of missing a counter wrap for, is being safely polled.

minor (yellow)

this event may be triggered if poll operations take longer, for example as a result of SNMP timeouts. Otherwise this event may suggest that the polling load is beyond ENA's capacity, in which case the problem is with ENA, not with the network.

check the device for polling problems.

check the ENA server load.

Device Port(s) Utilization Missed Due to Slow Response

Description

Default severity level

Typical causes

Actions

this event indicates that a device has responded too slowly to ENA polling and data has been lost.

major (amber)

a configuration change to ENA may mean the device is polled more frequently. If the polling frequency has not changed and there has been no significant change to the device configuration or loading then SNMP traffic may be being lost either in the device or between the Entuity server and the device. This may be because the weakest link is now overloaded for some reason.

monitor the polling of the device.

Device Reboot Detected

Description

Default severity level

Typical causes

Actions

indicates that a device has recently been rebooted or reset. ENA monitors device system uptime by polling the device every ten minutes, gathering SysUpTime.

Device Sensor Value Cleared

indicates a device that was reporting a high temperature is now returning a value within accepted boundaries.

information (green)

resolution of original problem.

none.

Device Reachability Degraded

Description

Default severity level

Typical causes

Actions

This event is not enabled by default. It is enabled from the ICMP Monitor Settings page (click Administration > ICMP Monitor) by selecting the Enable Device Unreachable Events and Raise "Device Reachability Degraded" eventscheckboxes.

severe (orange)

ENA identifies reachability of the device as degraded but ENA does not consider it as the root cause of the degradation. Reachability to the device is potentially only degraded because of the behavior of the identified root cause, i.e. this may be a symptomatic event.

check the Device Status history.

Device Unreachable

Description

Default severity level

Typical causes

Actions

This event is not enabled by default. It is enabled from the ICMP Monitor Settings page (click Administration > ICMP Monitor) by selecting the Enable Device Unreachable Events checkbox.

critical (red)

ENA identifies the device as unavailable and also if it is the root cause of the outage. Reachability to the device is potentially only degraded because of the behavior of the identified root cause, i.e. this may be a symptomatic event.

check the Device Status history.

Device Unreachable Cleared

Description

Default severity level

Typical causes

Actions

ENA identifies the device as available and clears the original Device Unreachable or Device Reachability Degraded event.

information (green)

resolution of the original problem.

none.

Device Warm Reboot

Description

Default severity level

Typical causes

Actions

indicates that a device has just been rebooted or reset. This event is detected by the generation of an SNMP trap on the device.

severe (orange)

device configuration changes.

hardware/software/firmware faults.

lack of memory on the device.

power failure.

Telnet to the device and check the system logs for an indication of what caused the device to reboot.

EGP Neighbor Loss

Description

Default severity level

Typical causes

Actions

indicates that the device's peer relationship with an EGP (Extended Gateway Protocol) neighbor no longer exists. The SNMP trap includes the identity IP address of the peered router, which ENA attempts to resolve to the host name.

critical (red)

peer router has gone down.

investigate the peer router.

EIGRP Peer Briefly Not Established

Description

Default severity level

Typical causes

Actions

indicates to administrators that virtual links between EIGRP speakers are now well established but bounced recently. ENA identifies a recent bounce as the up time is lower than in the previous poll.

critical (red)

EIGRP keep-alives may be lost, so the local router terminates the connection and then successfully attempt to reestablish it. Other causes maybe an unstable remote router, traffic shaping limitations.

check logs are activated on the device. Use the logs to investigate error messages.

EIGRP Peer Disappeared

Description

Default severity level

Typical causes

Actions

indicates a former adjacent peer has been removed from the router's configuration. Administrators should be aware of this change, to be able to detect rogue configuration updates.

critical (red)

removal of an adjacent router.

investigate the cause of router disappearance.

EIGRP Peer Newly Discovered

Description

Default severity level

Typical causes

Actions

indicates ENA's discovery of a new EIGRP peer.

minor (yellow)

configuration of a new EIGRP peer.

none.

Entuity License Expired and This Entuity Server is No Longer Operational

Description

Default severity level

Typical causes

Actions

indicates the license on the central license server has expired. The central license server provides the credits for the remote ENA license client to manage its network, this remote ENA server also requires a locally installed valid license. The local license determines the modules and integrations enabled on that ENA install.

critical (red)

the Entuity central license server is down.

a general network problem is preventing communication between the Entuity servers.

check the status of the license server, for example has it been taken down for scheduled maintenance.

review other raised events, do they indicate a general networking issue.

Entuity License Not Updated by License Server and Will Expire

Description

Default severity level

Typical causes

Actions

indicates the Entuity license server cannot contact the remote Entuity server. The license server regularly contacts its remote clients to maintain and verify their license details. A remote server can only run for a limited time, by default seven days, without contact from its license server. This event is raised after a set period of non-contact, by default two days. These settings are configurable through entuity.cfg.

minor (yellow)

Entuity central license server is down.

a general network problem is preventing communication between the Entuity servers.

check the status of the license server, for example has it been taken down for scheduled maintenance.

review other raised events, do they indicate a general networking issue.

Entuity License on Remote Server Could Not be Updated

Description

Default severity level

Typical causes

Actions

indicates the central license server cannot contact one of its remote Entuity servers. This event is raised after a set period of non-contact, by default two days. These settings are configurable through entuity.cfg.

minor (yellow)

the remote Entuity server is down.

a general network problem is preventing communication between the Entuity servers.

check the status of the remote Entuity server, for example has it been taken down for scheduled maintenance.

review other raised events, do they indicate a general networking issue.

Entuity License on Remote Server Expired

Description

Default severity level

Typical causes

Actions

Entuity License on Remote Server Successfully Updated

Description

Default severity level

Typical causes

Actions

Entuity License Successfully Updated by License Server

Description

Default severity level

Typical causes

Actions

Entuity Server Automated Shutdown

Description

Default severity level

Typical causes

Actions

Entuity Server Component Restarting After Failure

Description

Default severity level

Typical causes

Actions

Entuity Server Critical Component Restarting After Failure

Description

Default severity level

Typical causes

Actions

Entuity Server Database Backup Failure

Description

Default severity level

Typical causes

Actions

indicates the Entuity backup failed.

critical (red)

a component that is key to Entuity server performance has failed.

use the Impacted and Details fields to identify the failed Entuity component. Entuity will attempt to restart the component, raising an Entuity Server Permanent Failure of Component event if it fails to restart the component. You can view more details through systemcontrol.log in entuity_home\log.

Entuity Server Disk Space Alert

Description

Default severity level

Typical causes

Actions

indicates the Entuity server is running low on disk space, and details the remaining disk space in megabytes. It is generated by diskMonitor. This is a system-wide event, appearing in all Views.

critical (red)

low disk space.

check server for disk space, if the space appears sufficient, you can amend the diskMonitor threshold settings to values more appropriate to your system.

diskMonitor is intended to protect the Entuity database from corrupting when the server runs out of disk space. Configuring it inappropriately will remove this safeguard.

Entuity Server Explicit Shutdown Initiated

Description

Default severity level

Typical causes

Actions

indicates Entuity server has been instructed to shutdown, for example from the command line using stopeye or as a result of critical shortage of disc space. This is a system-wide event, appearing in all views when the Entuity server restarts.

severe (orange)

administrator has taken down the server.

when the Entuity server has shut itself down, investigate available disk space on the server.

Entuity Server Internal Event

Description

Default severity level

Typical causes

Actions

event generated that reports on the status of an Entuity service.

minor (yellow)

license expiry.

ENA process failure.

determined by event type.

Entuity Server License Alert

Description

Default severity level

Typical causes

Actions

indicates one or more of ENA's licensable components is approaching or has reached either its limit of managed objects or expiry date. The event description details the licensable component(s) and the number of free credits. This is a system wide event, appearing in all Views.

Entuity Server Permanent Component Failure

Description

Default severity level

Typical causes

Actions

indicates the Entuity server has attempted to restart the failed component, but has been unable to do so. The component remains down until manually restarted, if possible, or the Entuity server is restarted. This is a system-wide event, appearing in all Views.

critical (red)

failure to restart a ENA component.

use the Impacted and Details fields to identify the failed ENA component. You can view more details through systemcontrol.log in entuity_home\log.

Entuity Server Shutdown Forced By Critical Failure To Restart

Description

Default severity level

Typical causes

Actions

indicates a critical ENA component has failed repeatedly preventing the Entuity server from performing normally. The Entuity server has then automatically shutdown. This is a system-wide event, appearing in all Views when the Entuity server restarts.

Entuity Server Started

indicates the Entuity server has successfully started. This is a system-wide event, appearing in all Views when the Entuity server restarts.

information (green)

indicates the Entuity server has successfully started.

none.

Firewall Access Control Violations High

Description

Default severity level

Typical causes

Actions

indicates the NetContinuum firewall is identifying a high number of access control violations by a managed application. This may indicate an attack, or an inappropriate firewall configuration for a particular application. NetContinuum firewalls identify a series of access control type violations:

Denied HTTP.

Requests.

Blocked DAP.

Blacklisted.

Blocked Methods.

Robots Denied.

Robots Allowed.

ENA sums the total number of violations that occurred during the last polling period (by default ENA polls NetContinuum firewalls every five minutes.) When the total number of access control violations exceeds the set threshold, which is configurable but by default set to ten, ENA raises this event.

severe (orange)

an application is being inappropriately used. This may be because users are either consciously or inadvertently attempting to use an application beyond the configured constraints.

Entuity includes to the event the source application and the breakdown of access control violations by type, from which you can identify the particular types, or types of violation, causing concern. After investigation you may determine an attack has occurred, or that, for example, the URL Access Control Lists (ACLs) require adjustment.

Firewall Access Control Violations High Cleared

Description

Default severity level

Typical causes

Actions

indicates that the high number of access control violations rate has returned to within acceptable boundaries.

information (green)

reduced number of control violations.

none.

Firewall High Avail User Set Oper State Compliant

Description

Default severity level

Typical causes

Actions

the High Availability module status on the device and the User Set Oper State set in ENA were different but are now the same.

information (green)

User Set Oper State may have been amended to match the state on the device.

the device state may have transitioned to be the same as User Set Oper State.

none.

Firewall High Avail User Set Oper State Non Compliant

Description

Default severity level

Typical causes

Actions

the High Availability module status on the device and the User Set Oper State set in ENA are different.

severe (orange)

User Set Oper State may have been amended to a state different to that on the device. More significantly, the device state may have transitioned to a different state to that of User Set Oper State.

in Events dashlet the event Details column displays both the User Set Oper State and the polled device state. The type of disparity determines your action where the change in High Availability module was:

expected and permanent: amend the module's User Set Oper State.

unexpected: investigate the cause of the change in module state. It may indicate a serious problem that could impact the performance of the firewall cluster.

Firewall High Current Connections

Description

Default severity level

Typical causes

Actions

indicates the number of current connections is greater than the set threshold, which by default is 1000.

severe (orange)

highest number of current connections is greater than the set threshold when the firewall is polled.

investigate the connection history of the device.

Firewall High Current Connections Cleared

Description

Default severity level

Typical causes

Actions

indicates the number of current connections was greater than the set threshold, which by default is 1000, but is now below that boundary.

information (green)

reduction in the number of current connections.

none.

Firewall Overflow and Intrusion Violations High

Description

Default severity level

Typical causes

Actions

indicates the NetContinuum firewall is identifying a high number of overflow and intrusion violations. This may indicate an attack, or an inappropriate firewall configuration for a particular application. NetContinuum firewalls identify a series of overflow and intrusion type violations:

Keyword Intrusions.

Query Length Intrusions.

Cookie Overflow Intrusions.

Header Count Intrusions.

Content Overflow Intrusions.

Parameter Length Overflows.

Empty Valued.

ENA sums the total number of violations that occurred during the last polling period (by default ENA polls NetContinuum firewalls every five minutes). When the total number of overflow and intrusion violations exceeds the set threshold (which is configurable, but by default set to ten), ENA raises this event.

severe (orange)

forms tampering can modify the information sent from a particular field on a form, for example adding extra, malicious instructions through a buffer overflow.

ENA will include, to the event, the source application and the breakdown of overflow and intrusion violations by type. From this, you can identify the particular types, or types of violation, that are causing concern.

Firewall Overflow and Intrusion Violations High Cleared

Description

Default severity level

Typical causes

Actions

indicates the high number of overflow and intrusion violations has returned to within acceptable boundaries.

information (green)

reduced number of overflow and intrusion violations.

none.

Firewall URL Alerts High

Description

Default severity level

Typical causes

Actions

indicates the NetContinuum firewall is identifying a high number of URL alerts against a particular application. NetContinuum firewalls identify these types of violations:

URL Encoding Errors

Slash Dot URLs Blocked

Tilde in URL Blocked

Character Set Encoding Errors

Bad Certificates.

ENA sums the total number of alerts against the application that occurred during the last polling period, by default ENA polls NetContinuum firewalls every five minutes. When the total number of URL alerts exceeds the set threshold (which is configurable, but by default set to 500), ENA raises this event.

severe (orange)

an attack can use different ploys based around how URLs are handled. For example, hiding an attack within a different character set. The NetContinuum Controller can identify character set encoding schemes and identify attacks hidden within them

ENA includes, to the event, the source application and the breakdown of URL alerts by type, from which you can identify the particular types, or types of URL violation, causing concern.

Firewall URL Alerts High Cleared

Description

Default severity level

Typical causes

Actions

indicates that the number of URL alerts has returned to within acceptable boundaries.

information (green)

reduced number of URL alerts against the application.

none.

FR DLCI High BECN

Description

Default severity level

Typical causes

Actions

indicates the frame relay is encountering congestion, specifically the available bandwidth at the time of transmission is not as great as can be supported by the sending terminal.

major (amber)

inadequate network infrastructure.

heavy network traffic.

high levels of line noise.

portions of the system going down.

identifying and resolving these issues can improve overall network performance, especially when the system is called upon to carry a large volume of traffic

FR DLCI High BECN Cleared

Description

Default severity level

Typical causes

Actions

indicates that the frame relay encountering congestion has returned to within acceptable boundaries.

information (green)

reduced usage.

none.

FR DLCI High DE

Description

Default severity level

Typical causes

Actions

indicates that the Committed Information Rate (CIR) has been exceeded on inbound traffic on this PVC.

major (amber)

when the CIR is exceeded, traffic gets marked DE by the frame relay switch. If congestion is then detected these packets are dropped.

use the PVC Utilization report to investigate further.

FR DLCI High DE Cleared

Description

Default severity level

Typical causes

Actions

indicates that the Committed Information Rate (CIR) has returned to within acceptable boundaries on inbound traffic on this PVC.

information (green)

reduced usage.

none.

FR DLCI High FECN

Description

Default severity level

Typical causes

Actions

indicates that the WAN is encountering congestion forward of the packet, i.e. the available bandwidth at the time of transmission is not as great as can be supported by the receiving terminal.

major (amber)

inadequate network infrastructure.

heavy network traffic.

high levels of line noise.

portions of the system going down.

identifying and resolving these issues can improve overall network performance, especially when the system is called upon to carry a large volume of traffic.

FR DLCI High FECN Cleared

Description

Default severity level

Typical causes

Actions

indicates that the Committed Information Rate (CIR) has returned to within acceptable boundaries on outbound traffic on this PVC.

information (green)

reduced usage.

none.

FR DLCI High Inbound Utilization

Description

Default severity level

Typical causes

Actions

indicates inbound utilization of the port is high and could impact performance.

major (amber)

PVC utilization is higher than PVC utilization threshold for the port, due to increased traffic.

generate PVC utilization reports to monitor the situation.

FR DLCI High Inbound Utilization Cleared

Description

Default severity level

Typical causes

Actions

indicates PVC utilization is now below the high threshold value.

information (green)

reduced transmission.

none.

FR DLCI High Outbound Utilization

Description

Default severity level

Typical causes

Actions

indicates outbound utilization of the port is high and could impact performance.

major (amber)

PVC utilization higher than PVC utilization threshold for the port due to increased traffic.

FR DLCI Link Down

investigate whether the problem occurs on the public or private section of the network, and then run PVC reports.

FR DLCI Link UP

Description

Default severity level

Typical causes

Actions

indicates PVC is available.

information (green)

a PVC that was unavailable is now available.

none.

HSRP Port Group Activated

Description

Default severity level

Typical causes

Actions

indicates the HSRP port is active.

major (amber)

when preemption is enabled, the newly activated router has a higher priority than the previously active router.

the previously active router has become unavailable, this router was the standby router and has now activated.

none.

HSRP Port Group Deactivated

Description

Default severity level

Typical causes

Actions

indicates the HSRP port group has transitioned from an active to a deactivated state.

major (amber)

indicates the HSRP port group has transitioned from an active state to one of n/a, Initial, Learn, Listen, Speak, or Standby. You can view the current state through the event details column.

investigate the cause of the transition of the HSRP port group to deactivated when preemption is not enabled. When ENA monitors the router it raises events indicating the cause of failure.

IP SLA Creation Failure

Description

Default severity level

Typical causes

Actions

indicates the creation of an IP SLA operation has failed on the source device.

critical (red)

the create command does not include the correct SNMP write community string. Alternatively, there may be access restrictions to the device.

check the correct SNMP write community string is set on the device.

check access is not restricted to the device, including any firewall allows through the appropriate commands (i.e. snmpSet permission).

IP SLA Creation Failure Cleared

Description

Default severity level

Typical causes

Actions

indicates the operation was successfully created, but does not indicate that it is collecting data.

information (green)

raised the first time the operation is successfully created on the device.

none.

IP SLA High ICPIF

Description

Default severity level

Typical causes

Actions

ICPIF attempts to quantify the key impairments to voice quality that are encountered in the network. A high ICPIF value indicates high impairment.

critical (red)

packet loss due to equipment impairment.

latency due to increased traffic.

run a Flex Report to investigate further.

IP SLA High ICPIF Cleared

Description

Default severity level

Typical causes

Actions

indicates a previous High ICPIF alarm has been cleared.

information (green)

VoIP quality of service, as measured by ICPIF, has returned to acceptable levels.

none.

IP SLA Low MOS

Description

Default severity level

Typical causes

Actions

MOS is a common benchmark used to determine the quality of sound produced by specific codecs. A wide range of listeners have judged the quality of voice samples sent using particular codecs, on a scale of 1 (poor quality) to 5 (excellent quality). The opinion scores are averaged to provide the mean for each sample.

critical (red)

packet loss due to equipment impairment.

latency due to increased traffic.

run a Flex Report to investigate further.

IP SLA Low MOS Cleared

Description

Default severity level

Typical causes

Actions

indicates a previous Low MOS alarm has been cleared.

information (green)

VoIP quality of service, as measured by MOS, has returned to acceptable levels.

none.

IP SLA Test Failed

Description

Default severity level

Typical causes

Actions

indicates the operation was successfully created but it failed to connect to the target device.

major (amber)

access restrictions to the device.

a failure on the network.

check the target device is available.

when communicating through a firewall check the IP SLA source port is set correctly.

check the target device’s destination port is IP SLA responsive. This is achieved either by having the IP SLA responder enabled or having a process listening on that port. When using IP SLA responder’s control packets must also be used (and also allowed through the firewall).

IP SLA Test High Latency

Description

Default severity level

Typical causes

Actions

indicates the operation is reporting latency between the source and target device above the threshold settings for the operation.

IP SLA Test High Latency Cleared

indicates the operation is reporting latency between the source and target device that has returned to below its threshold settings, having previously been above.

information (green)

the cause of the high latency on the network has been resolved, e.g. a high latency may only be reported at peak times.

none.

IP SLA Test Succeeded

Description

Default severity level

Typical causes

Actions

indicates the operation is successfully collecting data.

information (green)

raised the first time the operation collects data from a device.

after a failure in operation collection has been resolved and data is being collected again.

none.

IS-IS Peer Disappeared

Description

Default severity level

Typical causes

Actions

indicates a former adjacent peer has been removed from router's configuration. Administrators should be aware of this change to be able to detect rogue configuration updates.

critical (red)

removal of an adjacent router.

investigate the cause of router disappearance.

IS-IS Peer Established

Description

Default severity level

Typical causes

Actions

indicates that virtual links between IS-IS peers are well established. The state has just transitioned to Full.

minor (yellow)

OSPF peering established.

none.

IS-IS Peer Newly Discovered

Description

Default severity level

Typical causes

Actions

indicates discovery of a new IS-IS peer.

minor (yellow)

configuration of a new IS-IS peer.

none.

IS-IS Peer Not Established

Description

Default severity level

Typical causes

Actions

indicates that a former adjacent peer is no longer in reach. The state has just transitioned out of the Full state.

critical (red)

problems with IP reachability or incorrect IS-IS configuration.

use the ping and show route commands to verify network connectivity to the IS-IS peer. You can use the show log messages command to look for errors relating to the peer.

LAP Antenna Host Count High

Description

Default severity level

Typical causes

Actions

for each LAP antenna you can set a maximum number of hosts that they can handle, a number higher than the antenna can efficiently handle.

minor (yellow)

changes in wireless usage have occurred since hte network was designed.

you can check the Interface Advanced tab and review the hourly and daily mean and maximum attached host values. When the historic record indicates a rising usage trend you may want to extend the capabilities of your wireless network.

LAP Antenna Host Count High Cleared

Description

Default severity level

Typical causes

Actions

raised when the number of hosts attached to the LAP antenna has returned to an acceptable level.

information (green)

number of hosts attached to the antenna has returned to an acceptable level.

none.

LAP Antenna Host Count Low

Description

Default severity level

Typical causes

Actions

the combined count of hosts that are wirelessly associated with all of the antennas on a WAP has fallen below the set threshold.

minor (yellow)

changes in wireless usage have occurred since the network was designed.

you can check the Antenna Advanced tab and review the hourly and daily mean and maximum attached host values. When the historic record indicates a falling usage trend you may want to adjust the capabilities of your wireless network.

LAP Antenna Host Count Low Cleared

Description

Default severity level

Typical causes

Actions

the clearing correlation event for WAP Antenna Host Count Low event.

information (green)

number of hosts attached to the antenna has returned to an acceptable level.

none.

Load Balancer High Connection Limit Pkt Drop Rate

Description

Default severity level

Typical causes

Actions

the connection requests rejected because they exceeded the connection drop rate for a virtual server (IP address:Port).

critical (red)

availability of load balancer servers is insufficient to meet demand.

inefficient assignment of clients to servers.

investigate the client connection history.

Load Balancer High Connection Limit Pkt Drop Rate Cleared

Description

Default severity level

Typical causes

Actions

the connection requests rejected because they exceeded the connection limit for a virtual server (IP address:Port) is now within the set thresholds.

information (green)

reduced demand on the load balancer hardware accelerator.

none.

Load Balancer High Current Sessions

Description

Default severity level

Typical causes

Actions

indicates the number of current sessions is equal to, or greater than the set current sessions threshold, which is by default 10000000.

a change in the usage of the network placing an unexpected demand on your load balancer setup.

persistent sessions not releasing resources.

a misconfiguration of your load balancer setup, or a failure.

ENA settings inappropriate to load balancer pool services.

investigate the history of session assignment, a persistent problem may indicate a requirement to reconfigure your load balancer setup.

Load Balancer High Current Sessions Cleared

Description

Default severity level

Typical causes

Actions

indicates the number of current sessions is less than the set current sessions threshold, which is by default 10000000.

information (green)

a return to the expected network load.

none.

Load Balancer High Error Count

Description

Default severity level

Typical causes

Actions

the total session errors are greater than the set threshold, by default 10000000.

critical (red)

availability of load balancer servers is insufficient to meet demand.

inefficient assignment of clients to servers.

investigate load balancer resourcing and configuration.

Load Balancer High Error Count Cleared

Description

Default severity level

Typical causes

Actions

the total inbound and outbound packet errors for the system is within the set threshold.

information (green)

availability of load balancer servers is insufficient to meet demand.

inefficient assignment of clients to servers.

investigate load balancer resourcing and configuration.

Load Balancer High Inbound Error Rate

Description

Default severity level

Typical causes

Actions

the error rate for incoming packets for the load balancer is higher than the set threshold, which by default is 6250000 packets per second.

critical (red)

availability of load balancer servers is insufficient to meet demand.

inefficient assignment of clients to servers.

investigate load balancer resourcing and configuration.

Load Balancer High Inbound Error Rate Cleared

Description

Default severity level

Typical causes

Actions

the error rate for incoming packets for the load balancer is higher than the set threshold, which by default is 6250000 packets per second.

information (green)

reduced demand on the load balancer hardware accelerator.

none.

Load Balancer High License Denied Pkt Rate

Description

Default severity level

Typical causes

Actions

packets were dropped due to exceeding licensing limitations, which by default is 500 packets per second.

critical (red)

availability of load balancer servers is insufficient to meet demand.

inefficient assignment of clients to servers.

investigate load balancer resourcing and configuration.

Load Balancer High License Denied Pkt Rate Cleared

Description

Default severity level

Typical causes

Actions

rate of dropped packets due to exceeding licensing limitations no longer exceeds the set threshold.

information (green)

reduced traffic.

availability of greater load balancer resource.

none.

Load Balancer High Maximum Sessions

Description

Default severity level

Typical causes

Actions

indicates the number of maximum sessions is equal to, or greater than the set maximum sessions threshold, which is by default 10000000.

a change in the usage of the network placing an unexpected demand on your load balancer setup.

persistent sessions not releasing resources.

a misconfiguration of your load balancer setup, or a failure.

ENA settings inappropriate to load balancer pool services.

investigate the history of session assignment. A persistent problem may indicate a requirement to reconfigure your load balancer setup.

Load Balancer High Maximum Sessions Cleared

Description

Default severity level

Typical causes

Actions

indicates the number of maximum sessions is less than the set maximum sessions threshold, which is by default 10000000.

information (green)

a return to the expected network load.

none.

Load Balancer High Memory Error Pkt Rate

Description

Default severity level

Typical causes

Actions

indicates connection errors were the result of insufficient available memory.

critical (red)

availability of load balancer servers is insufficient to meet demand.

inefficient assignment of clients to servers.

investigate load balancer resourcing and configuration.

Load Balancer High Memory Error Pkt Rate Cleared

Description

Default severity level

Typical causes

Actions

indicates connection errors that were the result of insufficient available memory are resolved.

information (green)

reduced traffic.

availability of greater load balancer resource.

none.

Load Balancer High No Handler Denied Pkt Rate

Description

Default severity level

Typical causes

Actions

indicates that the incoming packets that could not be processed by a virtual server, NAT or SNAT is at a rate greater than the set threshold.

critical (red)

availability of load balancer servers is insufficient to meet demand.

inefficient assignment of clients to servers.

investigate load balancer resourcing and configuration.

Load Balancer High No Handler Denied Pkt Rate Cleared

Description

Default severity level

Typical causes

Actions

indicates that the incoming packets that could not be processed by a virtual server, NAT or SNAT is now at a rate within the set threshold.

information (green)

reduced traffic.

availability of greater load balancer resource.

none.

Load Balancer High Non Syn Denied Pkt Rate

Description

Default severity level

Typical causes

Actions

indicates that the packets that are not connection requests, and are destined for a virtual server that has no connection for the client address, are at a rate greater than the set threshold.

critical (red)

the packets that are not connection requests and are destined for a virtual server that has no connection for that client address.

investigate client's server address list.

Load Balancer High Non Syn Denied Pkt Rate Cleared

Description

Default severity level

Typical causes

Actions

indicates that the packets that are not connection requests, and are destined for a virtual server that has no connection for the client address, are now at a rate within the set threshold.

information (green)

client now has access to the virtual server.

none.

Load Balancer High Outbound Error Rate

Description

Default severity level

Typical causes

Actions

the total outgoing packet errors for the system is greater than the set threshold.

critical (red)

availability of load balancer servers is insufficient to meet demand.

inefficient assignment of clients to servers.

investigate load balancer resourcing and configuration.

Load Balancer High Outbound Error Rate Cleared

Description

Default severity level

Typical causes

Actions

total outgoing packet errors for the system is now within the set threshold.

information (green)

reduced traffic.

availability of greater load balancer resource.

none.

Load Balancer High Packet Drop Rate

Description

Default severity level

Typical causes

Actions

total number of dropped packets is higher than the set threshold.

critical (red)

availability of load balancer servers is insufficient to meet demand.

inefficient assignment of clients to servers.

investigate load balancer resourcing and configuration.

Load Balancer High Packet Drop Rate Cleared

Description

Default severity level

Typical causes

Actions

total number of dropped packets is within the set threshold.

information (green)

reduced traffic.

availability of greater load balancer resource.

none.

Load Balancer High SLB SP Current Sessions

Description

Default severity level

Typical causes

Actions

the number of sessions the Server Load Balancer (SLB) service processor is currently handling is higher than the set threshold, which is by default 75% of the maximum allowed.

a change in the usage of the network placing an unexpected demand on your load balancer setup.

Persistent sessions not releasing resources.

A misconfiguration of your load balancer setup, or a failure.

ENA settings inappropriate to the SLB setup, for example too low a threshold.

investigate history of service processor utilization.

Load Balancer High SLB SP Current Sessions Cleared

Description

Default severity level

Typical causes

Actions

Load Balancer Pool Critical Member Availability

Description

Default severity level

Typical causes

Actions

number of members available to the pool is reduced to a critical level.

critical (red)

number of available members is less than the set threshold when the device is polled.

investigate the history of member usage for the pool.

Load Balancer Pool Critical Member Availability Cleared

Description

Default severity level

Typical causes

Actions

number of members available to the pool has transitioned to a value within the set threshold.

information (green)

a reduction in the resources used for the load balancer pool.

none.

Load Balancer Pool Critical Services Availability

Description

Default severity level

Typical causes

Actions

indicates the number of available services is below the set critical services thresholds, which is by default 0.

critical (red)

a change in the usage of the network, placing an unexpected demand on your load balancer setup.

a misconfiguration of your load balancer setup, or a failure.

ENA settings inappropriate to load balancer pool services.

investigate the history of service availability a persistent problem may indicate a requirement to reconfigure your load balancer setup.

Load Balancer Pool Critical Services Availability Cleared

Description

Default severity level

Typical causes

Actions

indicates the number of available services has transitioned above the set critical services thresholds, which is by default 0.

information (green)

a reduction in the services used for the load balancer pool.

none.

Load Balancer Pool Low Member Availability

Description

Default severity level

Typical causes

Actions

the number of members available to the pool is reduced to a low level.

major (amber)

number of available members is less than the set threshold when the device is polled.

none.

Load Balancer Pool Low Member Availability Cleared

Description

Default severity level

Typical causes

Actions

the number of members available to the pool has transitioned to a value within the set threshold.

information (green)

a reduction in the resources used for the load balancer pool.

none.

Load Balancer Pool Low Services Availability

Description

Default severity level

Typical causes

Actions

indicates the number of available services is equal to or below the set services thresholds, which is by default 2.

severe (orange)

A change in the usage of the network placing an unexpected demand on your load balancer setup.

A misconfiguration of your load balancer setup, or a failure.

Entuity settings inappropriate to load balancer pool services.

investigate the history of service availability. A persistent problem may indicate a requirement to reconfigure your load balancer setup.

Load Balancer Pool Low Services Availability Cleared

Description

Default severity level

Typical causes

Actions

indicates the number of available services has transitioned above the set services thresholds, which is by default 2.

information (green)

a reduction in the services used for the load balancer pool.

none.

MAC Address High Port Count

Description

Default severity level

Typical causes

Actions

this is a threshold-based event and is disabled by default. It can be enabled through Threshold Settings by setting the number of MAC addresses you consider is a high MAC address count.

ENA does not raise this event against trunking ports.

macman compares the number of MAC addresses discovered on a port against the ENA threshold set for that port, by default set to three.

investigate why the device is handling so many MAC addresses, and monitor the impact on its performance.

If you judge the threshold setting is too low, you can amend it for the individual port, for all the ports on the current pot's device, or as a global change for all of the ports managed by the server.

If you judge the event is not appropriate for the port, you can disable it for the individual port, for all ports on the current port's device, or as a global change for all ports managed by the server.

MAC Address High Port Count Cleared

Description

Default severity level

Typical causes

Actions

indicates a previous MAC Address High Port Count alarm associated with this port has been cleared.

number of MAC addresses associated with the port is now within the set thresholds.

none.

MAC Address New

Description

Default severity level

Typical causes

Actions

ENA discovers one or more new MAC addresses on a port, raising one event for all of the new MAC addresses on the port. Entuity considers a new MAC address as one not listed in the retained history of MAC addresses for the current port. By default Entuity retains the last fifty MAC addresses discovered on a port, although this is configurable through machistorylimit in entuity.cfg.

ENA does not raise events for:

newly discovered ports within a defined inhibit time, which prevents ENA from raising a torrent of events caused by ENA discovering new devices. By default this inhibit time is 24 hours, but it is configurable through the MAC Addresses threshold tab.

a 24 hour inhibit period allows provost scheduled macman to run and discover MAC addresses, providing a base against which new and change events can be recognized. When macman is run through macScheduler then that baseline can be discovered earlier and ENA can ignore the inhibit time.

the very first MAC address(es) seen on a port, to avoid a blizzard of events when ENA manages new devices.

any mac addresses that recur on a port.

ENA checks for changes in port state every hour, and events are raised within that context. When the conditions of the new MAC address match the criteria of the MAC Address Port Change event, ENA raises both events against this port.

This is a threshold-based event and is disabled by default.

major (amber)

ENA discovers a new MAC address on a managed port, e.g. when a host, such as a PC, is plugged into an access layer switch that ENA manages, ENA raises a MAC Address New event.

when this event is not accompanied by a MAC Port Address Port Change event it is a warning to you that a new host has connected to your network. Although the introduction of a new host might be a benign event it requires further investigation as it may:

indicate a personally owned device has connected to the network, which may be compromised, e.g. insufficient anti-virus protection which could allow access to malicious worms, adware, viruses and other infectious material.

be the signature of the introduction of an unauthorized Wireless Access Point which might not have its security configuration enabled (they are unsecured by default) and would therefore invite intrusion to an otherwise secure network.

MAC Address Port Change

Description

Default severity level

Typical causes

Actions

When ENA discovers a MAC address that is new to the current port, but which it has a record of occurring on one or more other ports, it raises a MAC Address Port Change event.

ENA considers a change MAC address as one not listed in the retained history of ports for that MAC address, but other ports are listed in this retained history. By default, ENA retains the last fifty ports associated with a MAC address, although this is configurable through machistorylimit in entuity.cfg.

ENA raises the event against the first new port (in terms of lexicographic listing), specifying the MAC address, together with the ports it was last seen on and the ports it is now seen on. ENA checks for changes in port state every hour, and events are raised within that context.

When the conditions of the port change MAC address match the criteria of the MAC Address New event ENA also raises a MAC Address New event against this port.

This is a threshold-based event and is disabled by default.

A MAC address macman previously discovered on one port, or ports, it now discovers on an additional port. For example, when a host, such as a PC, is unplugged from one access layer switch that ENA manages and plugged into another, ENA raises a MAC Address Port Change event.

may indicate a security concern that requires further investigation.

Memory Low

Description

Default severity level

Typical causes

Actions

indicates the managed memory object is running low on available memory.

severe (orange)

may be caused through a combination of factors:

memory leak that has consumed a large amoubt of memory.

a network instability pushes the free memory to zero.

the device does not have enough memory to begin with, but the problem is discovered only during a rare network event.

use the managed host function to view current and historic levels of memory.

Memory Low Cleared

Description

Default severity level

Typical causes

Actions

indicates the managed object is no longer suffering from low memory.

information (green)

reduced usage.

none.

Missing Events

Description

Default severity level

Typical causes

Actions

these are generated when ENA detects an event has occurred but cannot display it.

n/a (white)

this indicates ENA has raised an event for which it does not have record for that type in its database. This may happen, for example, when creating an event through the Open Trap Receiver and the event being raised before Event Viewer has updated its tables to recognize the event. After the next refresh the event would be properly recognized, i.e. the event has not been received by the client.

none. This should be a temporary issue resolved when ENA's tables and event caches are synchronized.

Module Disappeared

Description

Default severity level

Typical causes

Actions

indicates a module (card) is no longer on a device.

critical (red)

removal of a module by an administrator.

critical failure of a module on the device.

when the module has failed the system administrator should investigate. You can Telnet to the device and check the system settings for an indication of what the problem is. A hardware swap out may need to be scheduled depending on the type of problem.

Module Discovered

Description

Default severity level

Typical causes

Actions

indicates discovery module (card) for a device ENA already manages.

minor (yellow)

addition of a module on the device. It may also be raised when a device is added to ENA.

none.

Module Down

Description

Default severity level

Typical causes

Actions

indicates a module (card) fault for a device.

critical (red)

faulty module card hardware or firmware.

Telnet to the device and check the system settings for an indication of what the problem is. A hardware swap out may need to be scheduled depending on the type of problem.

Module Major Fault

Description

Default severity level

Typical causes

Actions

indicates a device has a major module (line card) hardware or firmware problem.

critical (red)

faulty card hardware or firmware.

Telnet to the device and check the system settings for an indication of what the problem is. A hardware swap out may need to be scheduled depending on the type of problem.

Module Minor Fault

Description

Default severity level

Typical causes

Actions

indicates that a device has a minor module (line card) hardware or firmware problem.

severe (orange)

faulty card hardware or firmware.

Telnet to the device and check the system settings for an indication of what the problem is. A hardware swap out may need to be scheduled depending on the type of problem.

Module Status OK

Description

Default severity level

Typical causes

Actions

indicates that a module (card) fault for a device has been cleared.

information (green)

faulty module (card) has been swapped out.

none.

Module Status Unknown

Description

Default severity level

Typical causes

Actions

indicates that ENA cannot determine the status of the device.

major (amber)

faulty card hardware or firmware.

Telnet to the device and check the system settings for an indication of what the problem is. A hardware swap out may need to be scheduled depending on the type of problem.

MPLS LDP Entity Errors

Description

Default severity level

Typical causes

Actions

the LDP entity represents a label space that is targeted for distribution to an LDP peer.

critical (red)

Entity errors may be:

Bad LDP Identifier Errors

Bad PDU Length Errors

Bad Message Length Errors

Bad Message Length Errors

Bad TLV Length Errors

Malformed TLV Value Errors

Keep Alive Timer Expiry Errors.

investigate the entity configuration. The event includes the LDP entity device and associated LDP peer.

MPLS LDP Entity Errors Cleared

Description

Default severity level

Typical causes

Actions

the LDP entity no longer has associated errors.

information (green)

a corrected configuration.

improvement in network performance.

none.

MPLS LDP Entity Non-operational

Description

Default severity level

Typical causes

Actions

indicates the LDP session state has transitioned from operational to a non-operational state.

critical (red)

indicates the LDP session state has transitioned from operational.

the event includes the LDP entity device and associated LDP peer. Investigate the entity configuration; the event includes the new state of the session:

Unknown

Non existent

Initialized

Open Receive

Open Sent.

MPLS LDP Entity Operational

Description

Default severity level

Typical causes

Actions

indicates the LDP session state has transitioned from a non-operational to an operational state.

information (green)

the session is operational as the LSR has received acceptable initialization and keep alive messages.

none.

MPLS LDP Entity Rejected Sessions

Description

Default severity level

Typical causes

Actions

LSR has received a session initialization message but has rejected the session.

critical (red)

one or more of the session parameters, for example LDP protocol version, label distribution method, timer values are not acceptable. The LSR responds by sending a Session Rejected/Parameters Error Notification message and closing the TCP connection.

nvestigate the configuration of the LSR.

MPLS LDP Entity Rejected Sessions Cleared

Description

Default severity level

Typical causes

Actions

the LDP entity has now accepted the session.

information (green)

the LDP entity has now accepted the session.

none.

MPLS LDP Entity Shutdown Notifications Received

Description

Default severity level

Typical causes

Actions

the LSR has received a shutdown notification message from the peered LSR.

critical (red)

when the last Hello adjacency for a LDP session is deleted, the connected LSR terminates the LDP session. The peer may close the session when it concludes that the transport connection is bad or that the peer has failed, and it terminates the LDP session by closing the transport connection.

nvestigate the network connection, the status of the LSR.

MPLS LDP Entity Shutdown Notifications Received Cleared

Description

Default severity level

Typical causes

Actions

integrity of the LDP session has been reestablished.

information (green)

the peered LSR prematurely sent a session terminated notification message, which was subsequently followed by a Want To Reestablish session message.

none.

MPLS LDP Entity Shutdown Notifications Sent

Description

Default severity level

Typical causes

Actions

when the last Hello adjacency for a LDP session is deleted, the LSR terminates the LDP session.

critical (red)

the LSR may close the session when it concludes that the transport connection is bad or that the peer has failed, and it terminates the LDP session by closing the transport connection.

investigate the network connection.

investigate the status of the LSR.

MPLS LDP Entity Shutdown Notifications Sent Cleared

Description

Default severity level

Typical causes

Actions

the integrity of the LDP session has been reestablished.

information (green)

the LSR permaturely sent a session terminated notification message, which was subsequently followed by a Want To Reestablish session message.

none.

MPLS LDP Peer Disappeared

Description

Default severity level

Typical causes

Actions

the LSR peer has disappeared. An ENA Shutdown Notification message may already have been raised.

critical (red)

the session has been shutdown and so the peer has disappeared. The administrator may have reconfigured\removed the LSR. Alternatively the LSR may have encountered problems.

when the disappearance is unexpected Entuity may have raised additional events that indicates the cause of the disappearance.

MPLS LDP Peer Newly Discovered

Description

Default severity level

Typical causes

Actions

a newly discovered LDP peer indicates the establishment of a new LDP session.

information (green)

administrator has added a new LSR to the network.

check that the newly discovered peer is an expected LSR. An unexpected LSR may indicate a security failure.

MPLS LDP Peer Non-operational

Description

Default severity level

Typical causes

Actions

indicates the LDP session state has transitioned from an operational to a non-operational state.

critical (red)

the event associated LDP peer has a state other than operational:

Unknown

Non existent

Initialized

Open Receive

Open Sent

the event includes the non-operational peer’s device name and advertised IP address that you can use to investigate the state of the peer.

MPLS LDP Peer Operational

Description

Default severity level

Typical causes

Actions

indicates the LDP peer state has transitioned from a non-operational to an operational state.

information (green)

peer has returned to an operational state, for example after the device has been rebooted.

none.

MPLS LDP Peer TLV Errors

Description

Default severity level

Typical causes

Actions

the peer has received a packet of the correct type, but of unknown content.

critical (red)

the content may have been corrupted during transmission across the network.

check the sending LSR configuration.

MPLS LDP Peer TLV Errors Cleared

Description

Default severity level

Typical causes

Actions

a previous message from the peered LSR had corrupt content, but the subsequent message was correctly formed.

information (green)

the state that caused corrupt content (for example, transport problems) has been resolved.

none.

MPLS LDP Peer Unknown Message Types

Description

Default severity level

Typical causes

Actions

the LDP peer received a message of an unknown type.

critical (red)

LSRs support a defined set of message types. A packet that includes a message type not configured to the LSR cannot be processed.

check the supports message types on the LSRs.

MPLS LDP Peer Unknown Message Types Cleared

Description

Default severity level

Typical causes

Actions

a previous message from the peered LSR was of a type this LSR did not recognize.

information (green)

the most recent packet from the peer is of a supported message type.

none.

MPLS LSR Interface High Discard Rate (Lookup Failure)

Description

Default severity level

Typical causes

Actions

indicates the number of labeled packets that have been received on this interface and were discarded because there were no matching entries found for them in mplsInSegmentTable.

severe (orange)

there were no forwarding rules for these received packets.

check the configuration of your forwarding tables.

MPLS LSR Interface High Discard Rate (Lookup Failure) Cleared

Description

Default severity level

Typical causes

Actions

indicates the interface's discard rate caused by lookup failure has transitioned to below the set threshold.

information (green)

the interface is receiving packets for which it has appropriate lookup table entries.

none.

MPLS LSR Interface High Error Free Discard Rate (RX)

Description

Default severity level

Typical causes

Actions

the rate per second of inbound labeled packets, for which no error was detected, that the LSR discarded is above the set threshold.

severe (orange)

the LSR may be short of buffer space.

check the LSR configuration. There may also be low buffer events raised for the device.

MPLS LSR Interface High Error Free Discard Rate (RX) Cleared

Description

Default severity level

Typical causes

Actions

indicates the interface’s discard rate of error free packets has transitioned to below the set threshold.

information (green)

the initial reason for discarding packets, e.g. low buffer space, has been resolved, or traffic to the LSR may have dropped.

none.

MPLS LSR Interface High Error Free Discard Rate (TX)

Description

Default severity level

Typical causes

Actions

the rate per second of outbound labeled packets (for which no error was detected) discarded by the LSR is above the set threshold.

severe (orange)

the LSR may be short of buffer space.

check the LSR configuration. There may also be low buffer events raised fro the device.

MPLS LSR Interface High Error Free Discard Rate (TX) Cleared

Description

Default severity level

Typical causes

Actions

indicates the interface's discard rate of error-free packets has transitioned to below the set threshold.

information (green)

the initial reason for discarding packets (e.g. low buffer space) has been resolved, or traffic to the LSR may have dropped.

none.

MPLS LSR Interface High Fragmentation Rate

Description

Default severity level

Typical causes

Actions

indicates the number of outgoing MPLS packets that required fragmentation before transmission on this interface is above the set threshold.

severe (orange)

an interface capacity mismatch causes incoming packets to be fragmented before they can be transmitted. Fragmentation is a resource intensive process and can adversely affect LSR performance.

configure the LSR to send and receive compatible sized packets.

MPLS LSR Interface High Fragmentation Rate Cleared

Description

Default severity level

Typical causes

Actions

indicates the interface’s fragmentation rate of has transitioned to below the set threshold.

information (green)

a reconfiguration of the involved interfaces.

a drop in traffic on the interface.

none.

MPLS LSR Interface Low Bandwidth

Description

Default severity level

Typical causes

Actions

indicates the total amount of available bandwidth available on this interface is below the set threshold. Available bandwidth is calculated as the difference between the amount of bandwidth currently in use and total bandwidth.

severe (orange)

overused interface.

for an interface that is showing consistently low bandwidth, consider adjusting its load.

MPLS LSR Interface Low Bandwidth Cleared

Description

Default severity level

Typical causes

Actions

indicates the amount of free bandwidth that is on the interface has transitioned to below the low bandwidth threshold.

information (green)

reduced load on the interface.

none.

MPLS LSR Interface Low Buffer Space

Description

Default severity level

Typical causes

Actions

indicates the total amount of available buffer space available on this interface is below the set threshold. Available buffer space is calculated as the difference between the amount of buffer space currently in use and total buffer space

indicates the platform's discard rate, caused by lookup failures, has transitioned to below the set threshold.

information (green)

the platform is receiving packets for which it has appropriate lookup table entries.

none.

MPLS LSR Interface Platform High Error Free Discard Rate (RX)

Description

Default severity level

Typical causes

Actions

the rate per second of inbound labeled packets, for which no error was detected, that the LSR discarded is above the set threshold.

severe (orange)

the LSR may be short of buffer space.

check the LSR configuration. There may also be low buffer events raised for the device.

MPLS LSR Interface Platform High Error Free Discard Rate (RX) Cleared

Description

Default severity level

Typical causes

Actions

indicates the platform's discard rate of error-free packets has transitioned to below the set threshold.

information (green)

the initial reason for discarding packets (e.g. low buffer space) has been resolved.

traffic to the LSR may have dropped.

none.

MPLS LSR Interface Platform High Error Free Discard Rate (TX)

Description

Default severity level

Typical causes

Actions

the rate per second of outbound labeled packets, for which no error was detected, that the LSR discarded is above the set threshold.

severe (orange)

the LSR may be short of buffer space.

check the LSR configuration. There may also be low buffer events raised for the device.

MPLS LSR Interface Platform High Error Free Discard Rate (TX) Cleared

Description

Default severity level

Typical causes

Actions

iIndicates the platform’s discard rate of error free packets has transitioned to below the set threshold.

information (green)

the initial reason for discarding packets (e.g. low buffer space) has been resolved.

traffic to the LSR may have dropped.

none.

MPLS LSR Interface Platform High Fragmentation Rate

Description

Default severity level

Typical causes

Actions

indicates the number of outgoing MPLS packets that required fragmentation before transmission on this platform is above the set threshold.

severe (orange)

an interface capacity mismatch causes incoming packets to be fragmented before they can be transmitted. Fragmentation is a resource intensive process and can adversely affect LSR performance.

configure the LSR to send and receive compatible sized packets.

MPLS LSR Interface Platform High Fragmentation Rate Cleared

Description

Default severity level

Typical causes

Actions

indicates the platform's fragmentation rate has transitioned to below the set threshold.

information (green)

a reconfiguration of the involved interfaces.

a drop in traffic on the platform.

none.

MPLS VRF High Illegal Label Rate

Description

Default severity level

Typical causes

Actions

the VRF is receiving packets with labels for which it is not configured at a rate above the set threshold.

severe (orange)

the VRF is receiving packets from an area of the network for which it is not configured. This may indicate a misconfiguration or security problem.

investigate the source of the illegal labels.

MPLS VRF High Illegal Label Rate Cleared

Description

Default severity level

Typical causes

Actions

the VRF is receiving packets with labels for which it is not configured at a rate below the set threshold.

information (green)

a misconfiguration has been corrected.

none.

MPLS VRF Interface BGP Neighbor Disappeared

Description

Default severity level

Typical causes

Actions

the interface has not received the BGP keep alive message within the set time.

critical (red)

the router has gone down.

the route to the router has gone down.

if the involved devices are managed by ENA, view the router status.

MPLS VRF Interface BGP Neighbor Newly Discovered

Description

Default severity level

Typical causes

Actions

a new BGP neighbor has been added to the network.

minor (yellow)

the administrator has added a new BGP neighbor to the network.

where you have concerns over security, check the new neighbor is expected.

MPLS VRF Non-operational

Description

Default severity level

Typical causes

Actions

when the number of active interfaces associated with a VRF is zero, then the VRF is not operational.

critical (red)

the interfaces associated with the VRF are down.

a change in configuration has removed all interfaces associated with the VRF.

check the number of interfaces, and check the configuration.

MPLS VRF Operational

Description

Default severity level

Typical causes

Actions

indicates the VRF has transitioned from a non-operational to an operational state.

information (green)

VRF has returned to an operational state, e.g. after the device has been rebooted.

none

Network Outage

Description

Default severity level

Typical causes

Actions

Network Outage events are raised on information ENA collects using traceroute and ICMP ping. It indicates an outage on your network, caused for example by node failure, unreachability of a managed port.

The Details column of the event indicates the particular category of the outage, how ENA identifies the outage category is a product of how it handles traceroute data. ENA discovers all IP addresses configured on a device and then determines which ports, if any, these IP addresses belong to. The success of this association is dependent on the structure of the SNMP MIB. Also if a port is unmanaged within ENA then an IP address cannot be associated with the port.

critical (red)

the Details column in the Events dashlet indicates the particular cause of the outage:

Managed IP On Device Unreachable: indicates that an IP address is not responding to ping:

the port for the IP address is not managed by ENA but the device is managed by ENA. This may be caused by a routing problem.

ENA cannot determine the port associated with the IP address because the IP address is not fixed to a port.

Port Unreachable: indicates that an IP address that is associated with a port is not responding to ping. When ENA is managing the device through a network cloud, ENA raises this event when some of the device's IP addresses are down. Event details lists the unreachable IP addresses in the cloud.

Node Unreachable: indicates that all IP addresses of a network node are not responding to ping. The node (typically a router or a switch) has transitioned to the down state. When ENA is managing the device through a network cloud, ENA raises this event when all the device's IP addresses are down. Event details lists the unreachable IP addresses in the cloud.

Entuity Server disconnected from network: indicates that all discovered IP addresses are not responding to ping, suggesting the disconnection of the Entuity server from the network.

in the Impacted column of the Events dashlet, ENA displays a count of the nodes, servers and applications impacted by the port down or node failure. You can view the list of impacted objects - or at least those components for which you have permission to view by clicking Show Details in the context menu.

When ENA raises a Network Outage event, the action you take depends upon the event type raised, on your network administrator role and whether you have physical access to the device:

Managed IP On Device Unreachable or Port Unreachable: for these two categories, check that the relevant network is routable from ENA.

If the network is not routable and this is intentional, then to prevent the raising of this event, consider excluding the network from ENA management through ENA's configuration settings.

If the network is not routable and this is a Port Unreachable network outage, check the operation status of the port. If this is down, it may indicate a damaged or pulled out cable, or that the device at the other end of the link has failed.

Node Unreachable: if all a device's IP addresses are not responding to ping and the device is also not responding to SNMP polling, it is probable that the node has failed. You can review the incident history for the device, for example for fan failure and temperature incidents. If the device does not restart, the only recourse is a physical inspection.

Entuity Server disconnected from network: from the Entuity server machine, use the ping utility that is installed as part of its operating system to ping network devices. If ping fails to elicit a response, check for Access Control Lists and firewalls that maybe blocking ICMP ping. If ping succeeds, check that the server's firewall permits applicationMoniotor access. You may have to add a rule for the ENA process.

Network Outage Cleared

Description

Default severity level

Typical causes

Actions

indicates an outage on your network is now resolved.

information (green)

the Details column in the Events dashlet indicates the particular network outage clearance:

Managed IP Address Reachable - indicates the IP address is now responding to ping. The port for the IP address is not managed by ENA, but the device is managed by ENA.

Port Reachable - indicates that a port is once again responding to ping. For router ports, a filter ensures only ports with an associated IP address are included.

Node Reachable - indicates that a node (typically a router or a switch) has transitioned to the up state. All of the IP addresses of a network node do not respond to ping.

Entuity Server connected to the network - indicates a restored connection of the Entuity server to the network.

none.

OSPF Peer Briefly Not Established

Description

Default severity level

Typical causes

Actions

indicates that virtual links between OSPF speakers are now established, but recently bounced. ENA identifies a recent bounce because the up time is lower than in the previous poll.

critical (red)

OSPF keep-alives may be lost, so the local router terminates the connection and then successfully attempts to reestablish it.

unstable remote router.

traffic shaping limitations.

check logs are activated on the device, and use the logs to investigate error messages.

OSPF Peer Disappeared

Description

Default severity level

Typical causes

Actions

indicates a former adjacent peer has been removed from the router's configurations. Administrators should be aware of this change to be able to detect rogue configuration updates.

critical (red)

removal of an adjacent router.

investigate the cause of router disappearance.

OSPF Peer Established

Description

Default severity level

Typical causes

Actions

indicates that virtual links between OSPF peers are well established. The state has just transitioned to Full.

minor (yellow)

OSPF peering established.

none.

OSPF Peer Newly Discovered

Description

Default severity level

Typical causes

Actions

indicates ENA has discovered a new OSPF peer.

minor (yellow)

configuration of a new OSPF peer.

none.

OSPF Peer Not Established

Description

Default severity level

Typical causes

Actions

indicates to administrators that a former adjacent peer is no longer in reach. The state has just transitioned out of the Full state.

critical (red)

problems with IP reachability or incorrect OSPF configuration.

use the ping and show route commands to verify network connectivity to the OSPF peer. You can use the show log messages command to look for errors relating to the peer.

Port Duplex Change

Description

Default severity level

Typical causes

Actions

ndicates that an Ethernet port has changed from half to full duplex or vice versa.

information (green)

configuration change.

auto-detection mechanism has detected a duplex change on the attached PC or server NIC card.

none.

Port Error Disable Alarm

This event is only enabled through additions to ENA's configuration. Contact your Entuity Support representative for details.

the port error disable state indicates that the port has been brought down by the device (even though its admin status is up) because of detected errors persisting for a configured errdisable timeout period. This only happens if sysErrDisableTimeoutEnable is set for the device.

a port in this state will not come up again unless manually re-enabled by the network administrator.

Port Error Disable Alarm Cleared

This event is only enabled through additions to ENA's configuration. Contact your Entuity Support representative for details.

Description

Default severity level

Typical causes

Actions

information (green)

transition of port status to normal.

none.

Port High Inbound Discards (Dynamic)

Description

Default severity level

Typical causes

Actions

indicates that a port is dropping some packets in its receive buffers. Packet loss and transmission delays cause end to end application performance degradation, as applications timeout and re-transmit data intermittently. The discard rate is higher than the active dynamic threshold.

severe (orange)

lack of bandwidth on the port, transmit buffer sizes too small.

Use the Ticker tool to check the current outbound port utilization. If this is high, and a historical graph of port utilization reveals that, in general, the link is highly utilized, then more bandwidth may be needed.

Although the percentage level of discards the port reports may be high if it has a low packet throughput then you may want to amend the behavior of the event. You can activate a low traffic filter to eliminate nuisance events. Port Minimum Packet Rate for Discards allows you to set a packets per second threshold; only when this threshold is crossed could ENA potentially raise this event. When activated the threshold is included to the event details string, for example:

Port High Inbound Discards (Dynamic) Cleared

indicates that a port that was dropping enough packets in its receive buffers to cross the set dynamic threshold is no longer doing so.

information (green)

inbound discards has returned to levels within the dynamic threshold.

none.

Port High Inbound Fault (Dynamic)

Description

Default severity level

Typical causes

Actions

indicates that a port is receiving corrupted packets from the network (a brownout). These packets will be thrown away by the switch or router that is reporting this problem, causing application layer timeouts and re- transmissions. Network users may be complaining about slow application response times. Types of corrupted packets include CRC errors, alignment errors, giants, and runt packets.

giant packets may be caused by faulty firmware on switch devices or encapsulation misconfiguration on trunk ports.

Check the duplex settings on switch ports reporting this problem, and the PC or server which is attached to the switch port. If this isn't the cause of the problem, move the PC or server to a different port and see if the corruption continues. If so, swap out the NIC card on the PC or server.

Although the percentage level of faults the port reports may be high if it has a low packet throughput then you may want to amend the behavior of the event. You can activate a low traffic filter to eliminate nuisance events. The Port Minimum Packet Rate for Faults allows you to set a packets per second threshold; only when this threshold is crossed could Entuity potentially raise this event. When activated the threshold is included to the event details string, for example:

Port High Inbound Fault (Dynamic) Cleared

indicates that a port that was receiving corrupted packets from the network (a brownout) is no longer receiving those packets.

information (green)

reduction in traffic.

none.

Port High Inbound Utilization (Dynamic)

Description

Default severity level

Typical causes

Actions

indicates that a port (link) is experiencing high levels of utilization (bandwidth usage). This may cause users who are communicating over this area of the network to experience slow application response times.

severe (orange)

excessive application traffic.

configuration changes.

if high port level utilization persists, then the link speed may need to be increased to accommodate the extra traffic levels.

Port High Inbound Utilization (Dynamic) Cleared

Description

Default severity level

Typical causes

Actions

indicates that a port (link) that was experiencing high levels of utilization (bandwidth usage) is now operating within dynamic thresholds.

information (green)

utilization for the port has, during the past hour, returned to within the expected threshold.

none.

Port High Outbound Discards (Dynamic)

Description

Default severity level

Typical causes

Actions

indicates that a port is dropping some packets in its transmit buffers, and/or experiencing difficulties transmitting packets out onto the network. Packet loss and transmission delays cause end to end application performance degradation, as applications timeout and re-transmit data intermittently. The discard rate is higher than the active dynamic threshold.

severe (orange)

lack of bandwidth on the port.

transmit buffer sizes too small.

Use the Ticker tool to check the current outbound port utilization. If this is high, and a historical graph of port utilization reveals that, in general, the link is highly utilized, then more bandwidth may be needed.

Although the percentage level of discards the port reports may be high if it has a low packet throughput then you may want to amend the behavior of the event. You can activate a low traffic filter to eliminate nuisance events. Port Minimum Packet Rate for Discards allows you to set a packets per second threshold; only when this threshold is crossed could Entuity potentially raise this event. When activated the threshold is included to the event details string, for example:

Port High Outbound Discards (Dynamic) Cleared

indicates that a port that was dropping large numbers of packets in its transmit buffers, and or experiencing severe difficulties transmitting packets out onto the network is now performing normally.

information (green)

reduced traffic.

none.

Port High Outbound Fault (Dynamic)

Description

Default severity level

Typical causes

Actions

indicates that a port is failing to transmit some packets onto the network (a brownout). These packets will be thrown away by the switch or router that is reporting this problem, causing application layer timeouts and re-transmissions. Network users may be complaining about slow application response times. Types of transmit errors include late collisions, carrier loss, and SQE test errors. The outbound fault rate is higher than the active dynamic threshold.

Check the duplex settings on switch ports reporting this problem, and the PC or server which is attached to the switch port. If this is not the cause of the problem, move the PC or server to a different port and see if the corruption continues. If so, swap out the NIC card on the PC or server.

Although the percentage level of faults the port reports may be high if it has a low packet throughput then you may want to amend the behavior of the event. You can activate a low traffic filter to eliminate nuisance events. The Port Minimum Packet Rate for Faults allows you to set a packets per second threshold; only when this threshold is crossed could ENA potentially raise this event. When activated the threshold is included to the event details string, for example:

Port High Outbound Utilization (Dynamic)

Description

Default severity level

Typical causes

Actions

indicates that a port (link) is experiencing high levels of utilization (bandwidth usage). This may cause users who are communicating over this area of the network to experience slow application response times.

severe (orange)

excessive application traffic.

configuration changes.

if high port level utilization persists, then the link speed may need to be increased to accommodate the extra traffic levels.

Port High Outbound Utilization (Dynamic) Cleared

Description

Default severity level

Typical causes

Actions

indicates that a port (link) that was experiencing high levels of utilization (bandwidth usage) is now operating within dynamic thresholds.

information (green)

utilization for the port has during the past hour is within the expected threshold.

none.

Port Inbound Discards High (Device Congestion)

Description

Default severity level

Typical causes

Actions

indicates that a port is dropping some packets in its receive buffers. Packet loss and transmission delays cause end to end application performance degradation, as applications timeout and re-transmit data intermittently

severe (orange)

lack of bandwidth on the port.

transmit buffer sizes too small.

use the Ticker tool to check the current outbound port utilization. If this is high, and a historical graph of port utilization reveals that, in general, the link is highly utilized, then more bandwidth may be needed.

Although the percentage level of discards the port reports may be high if it has a low packet throughput then you may want to amend the behavior of the event. You can activate a low traffic filter to eliminate nuisance events. Port Minimum Packet Rate for Discards allows you to set a packets per second threshold; only when this threshold is crossed could ENA potentially raise this event. When activated the threshold is included to the event details string, for example:

Port Inbound Discards High Cleared (No Device Congestion)

indicates that a port that was dropping sufficient packets in its receive buffers to cross the set dynamic threshold, is no longer doing so.

information (green)

inbound discards have returned to levels within the dynamic threshold.

none.

Port Inbound Fault High (Packet Corruption)

Description

Default severity level

Typical causes

Actions

indicates that a port is receiving corrupted packets from the network (a brownout). These packets will be thrown away by the switch or router that is reporting this problem, causing application layer timeouts and re- transmissions. Network users may be complaining about slow application response times. Types of corrupted packets include CRC errors, alignment errors, giants, and runt packets

giant packets may be caused by faulty firmware on switch devices or encapsulation misconfiguration on trunk ports.

check the duplex settings on switch ports reporting this problem, and the PC or server which is attached to the switch port. If this isn't the cause of the problem, move the PC or server to a different port and see if the corruption continues. If so, swap out the NIC card on the PC or server.

Although the percentage level of faults the port reports may be high if it has a low packet throughput then you may want to amend the behavior of the event. You can activate a low traffic filter to eliminate nuisance events. The Port Minimum Packet Rate for Faults allows you to set a packets per second threshold; only when this threshold is crossed could Entuity potentially raise this event. When activated the threshold is included to the event details string, for example:

if the device reporting the event is a switch, then check what is attached to the port.

if it is a trunk or server port, then this event indicates that there may be a network problem.

Port Operationally Down Cleared

Description

Default severity level

Typical causes

Actions

indicates that a port that was not responding, is now either responding, or its administrative state has been set to down.

information (green)

routing problem corrected.

interface restarted.

none.

Port Outbound Discards High (Port Congestion)

Description

Default severity level

Typical causes

Actions

indicates that a port is dropping some packets in its transmit buffers, and/or experiencing difficulties transmitting packets out onto the network. Packet loss and transmission delays cause end to end application performance degradation, as applications timeout and re-transmit data intermittently.

major (amber)

lack of bandwidth on the port.

transmit buffer sizes too small.

Use the Ticker tool to check the current outbound port utilization. If this is high, and a historical graph of port utilization reveals that, in general, the link is highly utilized, then more bandwidth may be needed.

Although the percentage level of discards the port reports may be high if it has a low packet throughput then you may want to amend the behavior of the event. You can activate a low traffic filter to eliminate nuisance events. Port Minimum Packet Rate for Discards allows you to set a packets per second threshold; only when this threshold is crossed could ENA potentially raise this event. When activated the threshold is included to the event details string, for example:

Port Outbound Discards High (No Port Congestion) Cleared

indicates that a port that was dropping large numbers of packets in its transmit buffers, and or experiencing severe difficulties transmitting packets out onto the network is now performing normally.

information (green)

reduction in traffic.

none.

Port Outbound Fault High (Transmit Errors)

Description

Default severity level

Typical causes

Actions

ndicates that a port is failing to transmit some packets onto the network (a brownout). These packets will be thrown away by the switch or router that is reporting this problem, causing application layer timeouts and re-transmissions. Network users may be complaining about slow application response times. Types of transmit errors include late collisions, carrier loss, and SQE test errors.

Check the duplex settings on switch ports reporting this problem, and the PC or server which is attached to the switch port. If this is not the cause of the problem, move the PC or server to a different port and see if the corruption continues. If so, swap out the NIC card on the PC or server.

Although the percentage level of faults the port reports may be high if it has a low packet throughput then you may want to amend the behavior of the event. You can activate a low traffic filter to eliminate nuisance events. The Port Minimum Packet Rate for Faults allows you to set a packets per second threshold; only when this threshold is crossed could ENA potentially raise this event. When activated the threshold is included to the event details string, for example:

Port Speed Change

auto-detection mechanism has detected a speed change on the attached PC or server NIC card.

none.

Port Utilization High

Description

Default severity level

Typical causes

Actions

indicates that a port (link) is experiencing high levels of utilization (bandwidth usage). This may cause users who are communicating over this area of the network to experience slow application response times.

severe (orange)

excessive application traffic.

configuration changes.

if a high port level utilization persists, then the link speed may need to be increased to accommodate the extra traffic levels.

Port Utilization High Cleared

Description

Default severity level

Typical causes

Actions

indicates that a port (link) that was experiencing high levels of utilization is now transmitting lower traffic volumes.

information (green)

reduced application traffic.

none.

Port Utilization Low

Description

Default severity level

Typical causes

Actions

indicates that a port (link) is experiencing low levels of utilization (bandwidth usage).

severe (orange)

route changes.

outages upstream of the link.

server problems.

may be symptomatic of an issue elsewhere in the network. Check through other events that have recently been reported if excessively low levels of utilization persist.

Port Utilization Low Cleared

Description

Default severity level

Typical causes

Actions

indicates that a port (link) that was experiencing low levels of utilization is now transmitting higher traffic volumes.

information (green)

increased application traffic.

none.

Power Supply Major Fault

Description

Default severity level

Typical causes

Actions

indicates that a device has a major power supply hardware problem.

severe (orange)

faulty power supply hardware.

telnet to the device and check the system settings for an indication of what the problem is. A hardware swap out may need to be scheduled depending on the type of problem.

Power Supply Minor Fault

Description

Default severity level

Typical causes

Actions

indicates that a device has a minor power supply hardware problem.

severe (orange)

faulty power supply hardware.

telnet to the device and check the system settings for an indication of what the problem is. A hardware swap out may need to be scheduled depending on the type of problem.

Power Supply OK

Description

Default severity level

Typical causes

Actions

indicates that the power supply fault for a device has been cleared.

information (green)

faulty power supply has been swapped out.

none.

Power Supply Unknown State

Description

Default severity level

Typical causes

Actions

indicates that the state of the device's power supply hardware is unknown.

severe (orange)

the power supply type is unknown. The ID EEPROM of the power supply has not been programmed or has been corrupted, or the power supply is not supported by the router.

telnet to the device and check the system settings for an indication of what the problem is. A hardware swap out may need to be scheduled depending on the type of problem. Refer to the device documentation for details on power supply unknown.

Processor Utilization High

Description

Default severity level

Typical causes

Actions

indicates the identified processor on the device has high CPU utilization. When the processor cannot be identified, ENA raises the event against single processor 1.

minor (yellow)

high CPU utilization due to interrupts.

a particular process using a lot of CPU resources.

use the managed host function to view current and historic levels of process usage. Also create reports, e.g. a Router Summary Report, that runs every hour to monitor router CPU utilization.

Processor Utilization High Cleared

Description

Default severity level

Typical causes

Actions

indicates the processor on the device no longer has high utilization.

information (green)

reduced usage.

none.

Routing Broadcast Traffic High

Description

Default severity level

Typical causes

Actions

indicates an incorrect packet broadcast on a network that causes most hosts to respond all at once, typically with wrong answers that start the process over again.

major (amber)

in a TCP/IP network is the use of ARP (Address Resolution Protocol) requests for address resolution, where the number of devices in a segment is too large.

Defective network adapter card or cable run may cause electrical noise to be sent along the cable, causing broadcast packets to be unanswered. This may cause more broadcast traffic, generating a broadcast storm.

check broadcast traffic domains.

configure the network to block illegal broadcast messages, where electrical noise is a problem power down the failing device and disconnect from the cable.

Routing Broadcast Traffic High Cleared

Description

Default severity level

Typical causes

Actions

sent by the router to the sender of a packet indicating that the route is now available.

information (green)

resolution of high broadcast problem.

none.

Routing High No Routes to IP Destination

Description

Default severity level

Typical causes

Actions

sent by the router to the sender of a packet indicating that there is no route available to deliver the packet to the intended receiver.

information (green)

resolution of high broadcast problem.

none.

Routing High No Routes to IP Destination Cleared

Description

Default severity level

Typical causes

Actions

sent by the router to the sender of a packet indicating that there is no route available to deliver the packet to the intended receiver.

minor (yellow)

a network link is disconnected.

destination address does not exist.

investigate destination address and network connections.

Routing ICMP High Redirects

Description

Default severity level

Typical causes

Actions

indicates routers handling packets with incorrect addresses.

minor (yellow)

device configured with incorrect routing entries.

locate the incorrectly configured device and correct. Alternatively, where you feel it is appropriate, disable ICMP redirects.

Routing ICMP High Redirects Cleared

Description

Default severity level

Typical causes

Actions

indicates a reduction in incorrectly addressed packets.

information (green)

device reconfiguration.

none.

Routing ICMP High TTL Exceeds

Description

Default severity level

Typical causes

Actions

indicates TTL (Time To Live) value in the IP Packet is decremented to zero. The router discards the IP packet and an ICMP 'TTL Expired in transit' message is sent back to the sending IP address.

minor (yellow)

unreachable device.

routing loop.

locate the incorrectly configured sending device and correct.

Routing ICMP High TTL Exceeds Cleared

Description

Default severity level

Typical causes

Actions

indicates transmission to the device is now within TTL (Time To Live) value in the IP packet.

information (green)

device now online.

none.

Service Down

Description

Default severity level

Typical causes

Actions

indicates the named service is down.

number of components failing in the service is sufficient to cause the service to fail.

in the ENA UI, navigate to the My Network View and open the Services dashboard to see the current status of all services. Select the required service to drill down and view the status of its components.

Service State Degraded

Description

Default severity level

Typical causes

Actions

indicates the state of the named service is degraded.

severe (orange)

the combined state of components in this service crosses the set threshold at which ENA determines performance of the overall service is compromised. However, the set threshold at which the service would have failed has not been crossed.

in the ENA UI, navigate to the My Network View and open the Services dashboard to see the current status of all services. Select the required service to drill down and view the status of its components.

Service State Off

Description

Default severity level

Typical causes

Actions

indicates the named service is now set to not generate a state. The event details indicate Status is set to None.

user has amended the service configuration type to None.

in the ENA UI, navigate to the My Network View and open the Services dashboard to see the current status of all services. Select the required service to drill down and view the status of its components.

Service State Unknown

Description

Default severity level

Typical causes

Actions

indicates the state of the named service is unknown.

severe (orange)

state of one or more of the components in the service is unknown.

in the ENA UI, navigate to the My Network View and open the Services dashboard to see the current status of all services. Select the required service to drill down and view the status of its components.

Service Up

Description

Default severity level

Typical causes

Actions

indicates the named service is up, after its state has previously been Down or Unknown.

sufficient components in this service are now up, so the service is now available.

none.

SNMP Agent Not Responding

Description

Default severity level

Typical causes

Actions

indicates the device - specifically its SNMP agent - is not responding to SNMP requests, but it was available when ENA last attempted to ping it. It is the response to the ping that determines whether ENA considers a device to be up or down. SNMP Agent Not Responding events are not raised when a device is down.

ENA availability monitoring operates in one of two modes:

by ICMP ping to hte management IP address only.

by ICMP ping to all IP addresses on the device (default). The device is considered up when ENA receives one or more responses.

SNMP Agent Restart Detected

Description

Default severity level

Typical causes

Actions

indicates the SNMP service has restarted on the managed host, since Entuity last attempted to poll it. It also indicates the SNMP counters polled by Entuity for the managed host have been reset, which may explain any unexpected data spikes.

major (amber)

device restarted.

manual restart of the SNMP agent.

none.

SNMP Authentication Failure

Description

Default severity level

Typical causes

Actions

indicates that a request did not get proper authentication, usually the result of a bad community string.

severe (orange)

invalid community was received in a message.

ping the device to ensure that it is still contactable. If the ping is successful, check that the IP address and SNMP community string of the device in ENA are still configured correctly (although it may not be the ENA server that is issuing the SNMP requests that are failing).

SNMP Response Time High

Description

Default severity level

Typical causes

Actions

indicates that a device's response to an SNMP request was greater than the set threshold.

severe (orange)

latency may be caused by the traffic load on the network, or by load on the device or intermediate devices.

in the ENA UI, navigate to the device in question and open its Summary dashboard to see and drill down into its latency chart. To view this device's latency performance within the context of other devices, run the Device SNMP Response Time report, which is an Administrative report.

SNMP Response Time High Cleared

Description

Default severity level

Typical causes

Actions

indicates that a device's response to an SNMP request has now returned to within the set threshold.

severe (orange)

latency has returned to within the set threshold.

none.

SNMPv3 Duplicate Engine ID

Description

Default severity level

Typical causes

Actions

indicates that two or more devices under management now have the same SNMPv3 engine identifier. Under SNMPv3, devices use the engine identifier when determining the source of a trap and decoding its message.

severe (orange)

a device under ENA management has been reconfigured with an engine identifier used by another device that is also under management.

event details include information on the two devices with the same engine identifier. You should reconfigure one of the devices with a unique engine identifier.

SSL Certificate Expired

Description

Default severity level

Typical causes

Actions

indicates the SSL certificate has expired. ENA continues to raise this even, every 24 hours, until the certificate is renewed or removed.

critical (red)

SSL certificate has passed its expiry date.

install a new SSL certificate.

SSL Certificate Expiring

Description

Default severity level

Typical causes

Actions

indicates the SSL certificate expiry date is within the set expiry notification period. You can amend the notification period against the device. Entuity continues to raise this event, every 24 hours, until the certificate is renewed, removed or expires

severe (orange)

SSL certificate expiry date is within the set notification period.

obtain a new SSL certificate. You can create self-signed certificates yourself, otherwise obtain one from a recognized SSL certificate-issuing authority.

SSL Proxy Service Administrative Available to SNMP Poll

Description

Default severity level

Typical causes

Actions

indicates that the device is responding, because its administrative state is up.

information (green)

administrator has configured the administrative state to up.

none.

SSL Proxy Service Administrative Unavailable to SNMP Poll

Description

Default severity level

Typical causes

Actions

indicates that the device is not responding, because its administrative state is down.

critical (red)

administrator has taken the module down.

none.

SSL Proxy Service Operational Available to SNMP Poll

Description

Default severity level

Typical causes

Actions

indicates that the device is responding to SNMP polling, because its operational state is up.

information (green)

SSL Proxy service has been down but is now available.

none.

SSL Proxy Service Operational Unavailable to SNMP Poll

Description

Default severity level

Typical causes

Actions

indicates that the device is not responding to SNMP polling, because its operational state is down.

critical (red)

SSL certificate has passed its expiry date.

contact your SSL authority for a valid certificate.

STP New Root Device

Description

Default severity level

Typical causes

Actions

indicates that a device has reported a new root switch for a spanning tree in which it participates. This even is detected by the generation of an SNMP trap on the device.

critical (red)

device configuration changes.

device or link failures.

telnet to the device and check the system logs for an indication of what caused a new device to become the root switch.

STP VLAN Topology Change

Description

Default severity level

Typical causes

Actions

indicates that a device reported a topology change for a spanning tree in which it participates. This event is detected by the generation of an SNMP trap on the device.

major (amber)

device configuration changes.

device or link failures.

telnet to the device and check the system logs for an indication of what caused the topology change.

Syslog Alert Events

Description

Default severity level

Typical causes

Actions

syslog can generate system messages for each of the defined facilities, those defined by default and those defined locally. All of the system message can be prioritized. Syslog event details have the format:

tag:message

where:

tag indicates the syslog message, e.g.:

%PAGP-5-PORTFROMSTP, a spanning tree messages.

%LINK-3-UPDOWN, a link up and down (physical).

%LINEPROTO-5-UPDOWN, a line up and down (layer 2).

message, the content of the syslog message.

severe (orange)

ENA administrator determines which system messages generate events that are displayed, and the facilities and at what priority level from which these system messages come.

dependent on the syslog event raised.

Syslog Critical Events

Description

Default severity level

Typical causes

Actions

syslog can generate system messages for each of the defined facilities, those defined by default and those defined locally. All of the system message can be prioritized. Syslog event details have the format:

tag:message

where:

tag indicates the syslog message, e.g.:

%PAGP-5-PORTFROMSTP, a spanning tree messages.

%LINK-3-UPDOWN, a link up and down (physical).

%LINEPROTO-5-UPDOWN, a line up and down (layer 2).

message, the content of the syslog message.

severe (orange)

ENA administrator determines which system messages generate events that are displayed, and the facilities and at what priority level from which these system messages come.

dependent on the syslog event raised.

Syslog Debug Events

Description

Default severity level

Typical causes

Actions

syslog can generate system messages for each of the defined facilities, those defined by default and those defined locally. All of the system message can be prioritized. Syslog event details have the format:

tag:message

where:

tag indicates the syslog message, e.g.:

%PAGP-5-PORTFROMSTP, a spanning tree messages.

%LINK-3-UPDOWN, a link up and down (physical).

%LINEPROTO-5-UPDOWN, a line up and down (layer 2).

message, the content of the syslog message.

information (green)

ENA administrator determines which system messages generate events that are displayed, and the facilities and at what priority level from which these system messages come.

none.

Syslog Emergency Events

Description

Default severity level

Typical causes

Actions

syslog can generate system messages for each of the defined facilities, those defined by default and those defined locally. All of the system message can be prioritized. Syslog event details have the format:

tag:message

where:

tag indicates the syslog message, e.g.:

%PAGP-5-PORTFROMSTP, a spanning tree messages.

%LINK-3-UPDOWN, a link up and down (physical).

%LINEPROTO-5-UPDOWN, a line up and down (layer 2).

message, the content of the syslog message.

critical (red)

ENA administrator determines which system messages generate events that are displayed, and the facilities and at what priority level from which these system messages come.

dependent on the syslog event raised.

Syslog Error Events

Description

Default severity level

Typical causes

Actions

syslog can generate system messages for each of the defined facilities, those defined by default and those defined locally. All of the system message can be prioritized. Syslog event details have the format:

tag:message

where:

tag indicates the syslog message, e.g.:

%PAGP-5-PORTFROMSTP, a spanning tree messages.

%LINK-3-UPDOWN, a link up and down (physical).

%LINEPROTO-5-UPDOWN, a line up and down (layer 2).

message, the content of the syslog message.

major (amber)

ENA administrator determines which system messages generate events that are displayed, and the facilities and at what priority level from which these system messages come.

dependent on the syslog event raised.

Syslog Information Events

Description

Default severity level

Typical causes

Actions

syslog can generate system messages for each of the defined facilities, those defined by default and those defined locally. All of the system message can be prioritized. Syslog event details have the format:

tag:message

where:

tag indicates the syslog message, e.g.:

%PAGP-5-PORTFROMSTP, a spanning tree messages.

%LINK-3-UPDOWN, a link up and down (physical).

%LINEPROTO-5-UPDOWN, a line up and down (layer 2).

message, the content of the syslog message.

information (green)

ENA administrator determines which system messages generate events that are displayed, and the facilities and at what priority level from which these system messages come.

none.

Syslog Notice Events

Description

Default severity level

Typical causes

Actions

syslog can generate system messages for each of the defined facilities, those defined by default and those defined locally. All of the system message can be prioritized. Syslog event details have the format:

tag:message

where:

tag indicates the syslog message, e.g.:

%PAGP-5-PORTFROMSTP, a spanning tree messages.

%LINK-3-UPDOWN, a link up and down (physical).

%LINEPROTO-5-UPDOWN, a line up and down (layer 2).

message, the content of the syslog message.

minor (yellow)

ENA administrator determines which system messages generate events that are displayed, and the facilities and at what priority level from which these system messages come.

none.

Syslog Warning Events

Description

Default severity level

Typical causes

Actions

syslog can generate system messages for each of the defined facilities, those defined by default and those defined locally. All of the system message can be prioritized. Syslog event details have the format:

tag:message

where:

tag indicates the syslog message, e.g.:

%PAGP-5-PORTFROMSTP, a spanning tree messages.

%LINK-3-UPDOWN, a link up and down (physical).

%LINEPROTO-5-UPDOWN, a line up and down (layer 2).

message, the content of the syslog message.

minor (yellow)

ENA administrator determines which system messages generate events that are displayed, and the facilities and at what priority level from which these system messages come.

dependent on the syslog event raised.

UCS Blade Down

Description

Default severity level

Typical causes

Actions

indicates a blade fault for a device.

critical (red)

faulty hardware or firmware.

copy the message from the event description, or copy the message from the console/system log in the Cisco UCS Manager. Research and attempt to resolve the issue using the tools and utilities provided at http://www.cisco.com/tac. Also refer to the Release Notes for UCS Manager and the Cisco UCS Troubleshooting Guide. If you cannot resolve the issue, execute the show tech-support command and contact Cisco Technical Support.

UCS Blade Major Fault

Description

Default severity level

Typical causes

Actions

indicates a major blade hardware or firmware problem.

severe (orange)

faulty hardware or firmware.

copy the message from the event description, or copy the message from the console/system log in the Cisco UCS Manager. Research and attempt to resolve the issue using the tools and utilities provided at http://www.cisco.com/tac. Also refer to the Release Notes for UCS Manager and the Cisco UCS Troubleshooting Guide. If you cannot resolve the issue, execute the show tech-support command and contact Cisco Technical Support.

UCS Blade Minor Fault

Description

Default severity level

Typical causes

Actions

indicates a minor blade hardware or firmware problem.

minor (yellow)

faulty hardware or firmware.

copy the message from the event description, or copy the message from the console/system log in the Cisco UCS Manager. Research and attempt to resolve the issue using the tools and utilities provided at http://www.cisco.com/tac. Also refer to the Release Notes for UCS Manager and the Cisco UCS Troubleshooting Guide. If you cannot resolve the issue, execute the show tech-support command and contact Cisco Technical Support.

UCS Blade OK

Description

Default severity level

Typical causes

Actions

indicates that a blade fault for a device has been cleared.

OK (green)

faulty blade has been swapped out.

none.

UCS Blade Status Unknown

Description

Default severity level

Typical causes

Actions

indicates that ENA cannot determine the status of the blade.

minor (yellow)

faulty hardware or firmware.

copy the message from the event description, or copy the message from the console/system log in the Cisco UCS Manager. Research and attempt to resolve the issue using the tools and utilities provided at http://www.cisco.com/tac. Also refer to the Release Notes for UCS Manager and the Cisco UCS Troubleshooting Guide. If you cannot resolve the issue, execute the show tech-support command and contact Cisco Technical Support.

UCS Chassis Down

Description

Default severity level

Typical causes

Actions

indicates a fault for a device.

critical (red)

faulty hardware or firmware.

copy the message from the event description, or copy the message from the console/system log in the Cisco UCS Manager. Research and attempt to resolve the issue using the tools and utilities provided at http://www.cisco.com/tac. Also refer to the Release Notes for UCS Manager and the Cisco UCS Troubleshooting Guide. If you cannot resolve the issue, execute the show tech-support command and contact Cisco Technical Support.

UCS Chassis Major Fault

Description

Default severity level

Typical causes

Actions

indicates a major chassis hardware or firmware problem.

severe (orange)

faulty hardware or firmware.

telnet to the device and check the system settings for an indication of what the problem is. A hardware swap out may need to be scheduled, depending on the type of problem.

UCS Chassis Minor Fault

Description

Default severity level

Typical causes

Actions

indicates that a chassis has a minor hardware or firmware problem.

minor (yellow)

faulty hardware or firmware.

copy the message from the event description, or copy the message from the console/system log in the Cisco UCS Manager. Research and attempt to resolve the issue using the tools and utilities provided at http://www.cisco.com/tac. Also refer to the Release Notes for UCS Manager and the Cisco UCS Troubleshooting Guide. If you cannot resolve the issue, execute the show tech-support command and contact Cisco Technical Support.

UCS Chassis Status OK

Description

Default severity level

Typical causes

Actions

indicates that a chassis fault for a device has been cleared.

OK (green)

faulty chassis has been swapped out.

none.

UCS Chassis Status Unknown

Description

Default severity level

Typical causes

Actions

indicates that ENA cannot determine the status of the chassis.

minor (yellow)

faulty hardware or firmware.

copy the message from the event description, or copy the message from the console/system log in the Cisco UCS Manager. Research and attempt to resolve the issue using the tools and utilities provided at http://www.cisco.com/tac. Also refer to the Release Notes for UCS Manager and the Cisco UCS Troubleshooting Guide. If you cannot resolve the issue, execute the show tech-support command and contact Cisco Technical Support.

UCS Fabric Extender Down

Description

Default severity level

Typical causes

Actions

indicates a fabric extender fault for a device.

critical (red)

faulty hardware or firmware.

copy the message from the event description, or copy the message from the console/system log in the Cisco UCS Manager. Research and attempt to resolve the issue using the tools and utilities provided at http://www.cisco.com/tac. Also refer to the Release Notes for UCS Manager and the Cisco UCS Troubleshooting Guide. If you cannot resolve the issue, execute the show tech-support command and contact Cisco Technical Support.

UCS Fabric Extender Major Fault

Description

Default severity level

Typical causes

Actions

indicates a major fabric extender hardware or firmware problem.

severe (orange)

faulty hardware or firmware.

copy the message from the event description, or copy the message from the console/system log in the Cisco UCS Manager. Research and attempt to resolve the issue using the tools and utilities provided at http://www.cisco.com/tac. Also refer to the Release Notes for UCS Manager and the Cisco UCS Troubleshooting Guide. If you cannot resolve the issue, execute the show tech-support command and contact Cisco Technical Support.

UCS Fabric Extender Minor Fault

Description

Default severity level

Typical causes

Actions

indicates a minor fabric extender hardware or firmware problem.

minor (yellow)

faulty hardware or firmware.

copy the message from the event description, or copy the message from the console/system log in the Cisco UCS Manager. Research and attempt to resolve the issue using the tools and utilities provided at http://www.cisco.com/tac. Also refer to the Release Notes for UCS Manager and the Cisco UCS Troubleshooting Guide. If you cannot resolve the issue, execute the show tech-support command and contact Cisco Technical Support.

UCS Fabric Extender Status OK

Description

Default severity level

Typical causes

Actions

indicates that a fabric extender fault for a device has been cleared.

OK (green)

faulty fabric extender has been swapped out.

none.

UCS Fabric Extender Status Unknown

Description

Default severity level

Typical causes

Actions

indicates that ENA cannot determine the status of the fabric extender.

minor (yellow)

faulty hardware or firmware.

copy the message from the event description, or copy the message from the console/system log in the Cisco UCS Manager. Research and attempt to resolve the issue using the tools and utilities provided at http://www.cisco.com/tac. Also refer to the Release Notes for UCS Manager and the Cisco UCS Troubleshooting Guide. If you cannot resolve the issue, execute the show tech-support command and contact Cisco Technical Support.

UCS Fan Down

Description

Default severity level

Typical causes

Actions

indicates a fault on a fan on the device chassis.

critical (red)

faulty fan hardware or firmware.

copy the message from the event description, or copy the message from the console/system log in the Cisco UCS Manager. Research and attempt to resolve the issue using the tools and utilities provided at http://www.cisco.com/tac. Also refer to the Release Notes for UCS Manager and the Cisco UCS Troubleshooting Guide. If you cannot resolve the issue, execute the show tech-support command and contact Cisco Technical Support.

UCS Fan Major Fault

Description

Default severity level

Typical causes

Actions

indicates a fan on the device chassis has a major fault.

severe (orange)

faulty fan hardware.

faulty environmental card.

faulty supervisor card.

copy the message from the event description, or copy the message from the console/system log in the Cisco UCS Manager. Research and attempt to resolve the issue using the tools and utilities provided at http://www.cisco.com/tac. Also refer to the Release Notes for UCS Manager and the Cisco UCS Troubleshooting Guide. If you cannot resolve the issue, execute the show tech-support command and contact Cisco Technical Support.

UCS Fan Minor Fault

Description

Default severity level

Typical causes

Actions

indicates a fan on the device chassis has a minor fault.

major (amber)

faulty fan hardware.

faulty environmental card.

faulty supervisor card.

copy the message from the event description, or copy the message from the console/system log in the Cisco UCS Manager. Research and attempt to resolve the issue using the tools and utilities provided at http://www.cisco.com/tac. Also refer to the Release Notes for UCS Manager and the Cisco UCS Troubleshooting Guide. If you cannot resolve the issue, execute the show tech-support command and contact Cisco Technical Support.

UCS Fan Module Down

Description

Default severity level

Typical causes

Actions

indicates a fan on the device chassis is down.

critical (red)

faulty fan module hardware or firmware.

copy the message from the event description, or copy the message from the console/system log in the Cisco UCS Manager. Research and attempt to resolve the issue using the tools and utilities provided at http://www.cisco.com/tac. Also refer to the Release Notes for UCS Manager and the Cisco UCS Troubleshooting Guide. If you cannot resolve the issue, execute the show tech-support command and contact Cisco Technical Support.

UCS Fan Module Major Fault

Description

Default severity level

Typical causes

Actions

indicates that a module has a minor fan hardware problem.

severe (orange)

faulty fan hardware.

faulty environmental card.

faulty supervisor card.

copy the message from the event description, or copy the message from the console/system log in the Cisco UCS Manager. Research and attempt to resolve the issue using the tools and utilities provided at http://www.cisco.com/tac. Also refer to the Release Notes for UCS Manager and the Cisco UCS Troubleshooting Guide. If you cannot resolve the issue, execute the show tech-support command and contact Cisco Technical Support.

UCS Fan Module Minor Fault

Description

Default severity level

Typical causes

Actions

indicates that a module has a minor fan hardware problem.

major (amber)

faulty fan hardware.

faulty environmental card.

faulty supervisor card.

copy the message from the event description, or copy the message from the console/system log in the Cisco UCS Manager. Research and attempt to resolve the issue using the tools and utilities provided at http://www.cisco.com/tac. Also refer to the Release Notes for UCS Manager and the Cisco UCS Troubleshooting Guide. If you cannot resolve the issue, execute the show tech-support command and contact Cisco Technical Support.

UCS Fan Module Status OK

Description

Default severity level

Typical causes

Actions

indicates that a fan module fault for a device has been cleared.

information (green)

faulty fan module has been swapped out.

none.

UCS Fan Module Status Unknown

Description

Default severity level

Typical causes

Actions

indicates the status of the fan module is not reportable or is unknown.

minor (yellow)

status of the fan module is not reportable.

status of the fan module is unknown.

copy the message from the event description, or copy the message from the console/system log in the Cisco UCS Manager. Research and attempt to resolve the issue using the tools and utilities provided at http://www.cisco.com/tac. Also refer to the Release Notes for UCS Manager and the Cisco UCS Troubleshooting Guide. If you cannot resolve the issue, execute the show tech-support command and contact Cisco Technical Support.

UCS Fan Status OK

Description

Default severity level

Typical causes

Actions

indicates that a fan fault for a device has been cleared.

information (green)

faulty fan has been swapped out.

none.

UCS Fan Status Unknown

Description

Default severity level

Typical causes

Actions

indicates the status of the fan is not reportable or is unknown.

minor (yellow)

status of the fan is not reportable.

status of the fan is unknown.

copy the message from the event description, or copy the message from the console/system log in the Cisco UCS Manager. Research and attempt to resolve the issue using the tools and utilities provided at http://www.cisco.com/tac. Also refer to the Release Notes for UCS Manager and the Cisco UCS Troubleshooting Guide. If you cannot resolve the issue, execute the show tech-support command and contact Cisco Technical Support.

UCS Local Disk Down

Description

Default severity level

Typical causes

Actions

indicates a local disk fault for a device.

critical (red)

faulty local disk hardware or firmware.

copy the message from the event description, or copy the message from the console/system log in the Cisco UCS Manager. Research and attempt to resolve the issue using the tools and utilities provided at http://www.cisco.com/tac. Also refer to the Release Notes for UCS Manager and the Cisco UCS Troubleshooting Guide. If you cannot resolve the issue, execute the show tech-support command and contact Cisco Technical Support.

UCS Local Disk Major Fault

Description

Default severity level

Typical causes

Actions

indicates that a device has a major local disk hardware or firmware problem.

major (amber)

faulty local disk hardware or firmware.

copy the message from the event description, or copy the message from the console/system log in the Cisco UCS Manager. Research and attempt to resolve the issue using the tools and utilities provided at http://www.cisco.com/tac. Also refer to the Release Notes for UCS Manager and the Cisco UCS Troubleshooting Guide. If you cannot resolve the issue, execute the show tech-support command and contact Cisco Technical Support.

UCS Local Disk Minor Fault

Description

Default severity level

Typical causes

Actions

indicates that a device has a minor module (line card) hardware or firmware problem.

minor (yellow)

faulty local disk hardware or firmware.

copy the message from the event description, or copy the message from the console/system log in the Cisco UCS Manager. Research and attempt to resolve the issue using the tools and utilities provided at http://www.cisco.com/tac. Also refer to the Release Notes for UCS Manager and the Cisco UCS Troubleshooting Guide. If you cannot resolve the issue, execute the show tech-support command and contact Cisco Technical Support.

UCS Local Disk Unknown

Description

Default severity level

Typical causes

Actions

indicates that the local disk is unknown.

minor (yellow)

faulty hardware or firmware.

copy the message from the event description, or copy the message from the console/system log in the Cisco UCS Manager. Research and attempt to resolve the issue using the tools and utilities provided at http://www.cisco.com/tac. Also refer to the Release Notes for UCS Manager and the Cisco UCS Troubleshooting Guide. If you cannot resolve the issue, execute the show tech-support command and contact Cisco Technical Support.

UCS Local Disk OK

Description

Default severity level

Typical causes

Actions

indicates that a module (card) fault for a device has been cleared.

OK (green)

faulty local disk has been swapped out.

none.

UCS PSU Down

Description

Default severity level

Typical causes

Actions

indicates a PSU fault for a device.

critical (red)

faulty PSU hardware or firmware.

copy the message from the event description, or copy the message from the console/system log in the Cisco UCS Manager. Research and attempt to resolve the issue using the tools and utilities provided at http://www.cisco.com/tac. Also refer to the Release Notes for UCS Manager and the Cisco UCS Troubleshooting Guide. If you cannot resolve the issue, execute the show tech-support command and contact Cisco Technical Support.

UCS PSU Major Fault

Description

Default severity level

Typical causes

Actions

indicates that a device has a minor PSU hardware or firmware problem.

critical (red)

faulty PSU hardware or firmware.

copy the message from the event description, or copy the message from the console/system log in the Cisco UCS Manager. Research and attempt to resolve the issue using the tools and utilities provided at http://www.cisco.com/tac. Also refer to the Release Notes for UCS Manager and the Cisco UCS Troubleshooting Guide. If you cannot resolve the issue, execute the show tech-support command and contact Cisco Technical Support.

UCS PSU Minor Fault

Description

Default severity level

Typical causes

Actions

indicates that a device has a minor PSU hardware or firmware problem.

minor (yellow)

faulty PSU hardware or firmware.

copy the message from the event description, or copy the message from the console/system log in the Cisco UCS Manager. Research and attempt to resolve the issue using the tools and utilities provided at http://www.cisco.com/tac. Also refer to the Release Notes for UCS Manager and the Cisco UCS Troubleshooting Guide. If you cannot resolve the issue, execute the show tech-support command and contact Cisco Technical Support.

UCS PSU Unknown

Description

Default severity level

Typical causes

Actions

indicates that the PSU is unknown.

minor (yellow)

faulty hardware or firmware.

copy the message from the event description, or copy the message from the console/system log in the Cisco UCS Manager. Research and attempt to resolve the issue using the tools and utilities provided at http://www.cisco.com/tac. Also refer to the Release Notes for UCS Manager and the Cisco UCS Troubleshooting Guide. If you cannot resolve the issue, execute the show tech-support command and contact Cisco Technical Support.

UCS PSU OK

Description

Default severity level

Typical causes

Actions

indicates that a PSU fault for a device has been cleared.

OK (green)

faulty PSU has been swapped out.

none.

UCS Switch Card Down

Description

Default severity level

Typical causes

Actions

indicates a switch card fault for a device.

major (amber)

faulty switch card hardware or firmware.

copy the message from the event description, or copy the message from the console/system log in the Cisco UCS Manager. Research and attempt to resolve the issue using the tools and utilities provided at http://www.cisco.com/tac. Also refer to the Release Notes for UCS Manager and the Cisco UCS Troubleshooting Guide. If you cannot resolve the issue, execute the show tech-support command and contact Cisco Technical Support.

UCS Switch Card Major Fault

Description

Default severity level

Typical causes

Actions

indicates that a device has a major switch card hardware or firmware problem.

severe (orange)

faulty switch card hardware or firmware.

copy the message from the event description, or copy the message from the console/system log in the Cisco UCS Manager. Research and attempt to resolve the issue using the tools and utilities provided at http://www.cisco.com/tac. Also refer to the Release Notes for UCS Manager and the Cisco UCS Troubleshooting Guide. If you cannot resolve the issue, execute the show tech-support command and contact Cisco Technical Support.

UCS Switch Card Minor Fault

Description

Default severity level

Typical causes

Actions

indicates that a device has a minor switch card hardware or firmware problem.

minor (yellow)

faulty switch card hardware or firmware.

copy the message from the event description, or copy the message from the console/system log in the Cisco UCS Manager. Research and attempt to resolve the issue using the tools and utilities provided at http://www.cisco.com/tac. Also refer to the Release Notes for UCS Manager and the Cisco UCS Troubleshooting Guide. If you cannot resolve the issue, execute the show tech-support command and contact Cisco Technical Support.

UCS Switch Card Status OK

Description

Default severity level

Typical causes

Actions

indicates that a switch card fault for a device has been cleared.

information (green)

faulty switch card has been swapped out.

none.

UCS Switch Card Status Unknown

Description

Default severity level

Typical causes

Actions

indicates ENA received an enterprise trap for which it does not have a loaded MIB, rules or custom event. Trap details include its OID and argument values.

major (amber)

faulty switch card hardware or firmware.

copy the message from the event description, or copy the message from the console/system log in the Cisco UCS Manager. Research and attempt to resolve the issue using the tools and utilities provided at http://www.cisco.com/tac. Also refer to the Release Notes for UCS Manager and the Cisco UCS Troubleshooting Guide. If you cannot resolve the issue, execute the show tech-support command and contact Cisco Technical Support.

Unknown Trap

Description

Default severity level

Typical causes

Actions

indicates ENA received an enterprise trap for which it does not have a loaded MIB, rules or custom event. Trap details include its OID and argument values.

major (amber)

ENA received an enterprise trap, for which a mapping has been included to the ENA database.

through the Event Management System you can import and load MIBs, creating rules and custom events for trap definitions. Alternatively you can prevent Entuity raising Unknown Trap events by activating the Discard Unknown Trap rule.

User Defined Attribute State Disabled

Description

Default severity level

Typical causes

Actions

through User Defined Polling, you can create attributes for ENA to poll. You can also set ENA to raise events depending upon the values returned.

major (amber)

this event is a state event and is raised when the attribute reports its state as disabled.

view the event details to see the configuration setup for the disabled state.

User Defined Attribute State Down

Description

Default severity level

Typical causes

Actions

through User Defined Polling, you can create attributes for ENA to poll. You can also set ENA to raise events depending upon the values returned.

severe (orange)

this event is a state event and is raised when the attribute reports its state as down.

view the event details to see the configuration setup for the down state.

User Defined Attribute State Other

Description

Default severity level

Typical causes

Actions

through User Defined Polling, you can create attributes for ENA to poll. You can also set ENA to raise events depending upon the values returned.

major (amber)

this event is a state event and is raised when the attribute reports its state as other.

view the event details to see the configuration setup for the other state.

User Defined Attribute State Up

Description

Default severity level

Typical causes

Actions

through User Defined Polling, you can create attributes for ENA to poll. You can also set ENA to raise events depending upon the values returned.

information (green)

this event is a state event and is raised when the attribute reports its state as up.

view the event details to see the configuration setup for the up state.

User Defined Attribute Value Abnormality Cleared

Description

Default severity level

Typical causes

Actions

through User Defined Polling, you can create attributes for ENA to poll. You can also set ENA to raise events depending upon the values returned.

information (green)

this event is a threshold event and is raised when the polled attribute value has transitioned to a normal state.

view the event details to see the configuration setup for the normal state.

User Defined Attribute Value Critical

Description

Default severity level

Typical causes

Actions

through User Defined Polling, you can create attributes for ENA to poll. You can also set ENA to raise events depending upon the values returned.

critical (red)

this event is a threshold event and is raised when the polled attribute value is within the set critical threshold boundary.

view the event details to see the configuration setup for the critical threshold state.

User Defined Attribute Value High

Description

Default severity level

Typical causes

Actions

through User Defined Polling, you can create attributes for ENA to poll. You can also set ENA to raise events depending upon the values returned.

severe (orange)

this event is a threshold event and is raised when the polled attribute value is within the set high threshold boundary.

view the event details to see the configuration setup for the high threshold state.

User Defined Attribute Value Low

Description

Default severity level

Typical causes

Actions

through User Defined Polling, you can create attributes for ENA to poll. You can also set ENA to raise events depending upon the values returned.

major (amber)

this event is a threshold event and is raised when the polled attribute value is within the set low threshold boundary.

view the event details to see the configuration setup for the low threshold state.

User Defined Attribute Value Warning

Description

Default severity level

Typical causes

Actions

through User Defined Polling, you can create attributes for ENA to poll. You can also set ENA to raise events depending upon the values returned.

major (amber)

this event is a threshold event and is raised when the polled attribute value is within the set low threshold boundary.

View the event details. This contains the configuration setup for the low threshold state.

Virtual Machine Moved

Description

Default severity level

Typical causes

Actions

ENA has monitored the moving of a VM between hypervisors.

minor (yellow)

corrected connection details.

none.

Virtual Machine Powered Off

Description

Default severity level

Typical causes

Actions

ENA has monitored a VM powering off.

information (green)

corrected connection details.

none.

Virtual Machine Powered On

Description

Default severity level

Typical causes

Actions

ENA has monitored a VM powering on.

information (green)

corrected connection details.

none.

Virtualization Connection Failed

Description

Default severity level

Typical causes

Actions

indicates that ENA has failed to connect to the identified VM platform.

Confirm the connection details (the connection to a VM platform is through its SDK). View and modify connection details via the Main Menu > Administration > Device Inventory page.

Virtualization Connection Success

Description

Default severity level

Typical causes

Actions

ENA has successfully connected to the VM platform after a previous failure.

information (green)

corrected connection details.

none.

VM Guest Memory High

Description

Default severity level

Typical causes

Actions

indicates high memory utilization on the VM. The VM High Guest Memory Threshold can be set against the VM platform and against individual VMs.

minor (yellow)

excessive application holding of resources.

run a Flex Report to identify long-term utilization of tunnels on the VPN.

VM Guest Memory High Cleared

Description

Default severity level

Typical causes

Actions

indicates a previous VM Guest Memory High alarm has been cleared.

information (green)

VM memory utilization has returned to acceptable levels.

none.

VPN High Active Tunnels

Description

Default severity level

Typical causes

Actions

indicates high VPN tunnel usage.

minor (yellow)

excessive application traffic.

configuration changes.

run a Flex Report to identify long-term utilization of tunnels on the VPN.

VPN High Active Tunnels Cleared

Description

Default severity level

Typical causes

Actions

indicates a previous VPN High Active Tunnels alarm has been cleared.

information (green)

VPN tunnel usage has returned to acceptable levels.

none.

VPN Load Average High

Description

Default severity level

Typical causes

Actions

load average (average number of processes in the runqueue during the polling interval) is above the set threshold.

minor (yellow)

excessive application traffic.

configuration changes.

run a Flex Report to identify long term utilization of tunnels on the VPN.

VPN Load Average High Cleared

Description

Default severity level

Typical causes

Actions

indicates a previous VPN Load Average High alarm has been cleared.

information (green)

average loading for the runqueue has returned to acceptable levels.

none.

VPN Network Port Utilization High

Description

Default severity level

Typical causes

Actions

indicates that a VPN ethernet port (link) is experiencing high levels of utilization (bandwidth usage). This may cause users who are communicating over this area of the network to experience slow application response times.

minor (yellow)

excessive application traffic.

configuration changes.

if high port level utilization persists, then the link speed may need to be increased to accommodate the extra traffic levels.

VPN Network Port Utilization High Cleared

Description

Default severity level

Typical causes

Actions

indicates a previous VPN Network Port Utilization High alarm has been cleared.

information (green)

VPN port utilization has returned to acceptable levels.

none.

VPN Tunnel Usage High

Description

Default severity level

Typical causes

Actions

indicates high VPN tunnel usage.

minor (yellow)

excessive application traffic.

configuration changes.

run a Flex Report to identify long term utilization of tunnels on the VPN.

VPN Tunnel Usage High Cleared

Description

Default severity level

Typical causes

Actions

indicates a previous VPN Tunnel Usage High alarm has been cleared.

information (green)

VPN tunnel usage has returned to acceptable levels.

none.

WAN Port High Inbound Discards

Description

Default severity level

Typical causes

Actions

indicates that a WAN port (link) is discarding packets. This packet loss causes end to end application performance degradation, as applications timeout and re-transmit data intermittently.

major (amber)

when congestion occurs downstream in the network, and the device needs to free buffer space frames are discarded. For Frame Relay the switch dropping frames will select from its buffer the frames with the DE bit set first. If this is not sufficient to relieve the congestion, frames with DE bit clear will be dropped next.

use the Ticker tool to check inbound broadcast traffic on the port reporting discards. If broadcast traffic is light, telnet to the device and check system resources. Increasing the size of the receive buffers, and/or upgrading the device hardware (CPU and memory) may be necessary.

WAN Port High Inbound Discards Cleared

Description

Default severity level

Typical causes

Actions

indicates a WAN Port HighInbound Discards alarm has been cleared as the port discard rate is now below the high threshold value.

information (green)

reduced transmission.

none.

WAN Port High Inbound Errors

Description

Default severity level

Typical causes

Actions

indicates that a port is receiving corrupted packets from the network (a brownout). These packets are thrown away by the port’s device, causing application layer timeouts and re-transmissions. Network users may complain about slow application response times. Types of corrupted packets include CRC errors, alignment errors, giants, and runt packets.

giant packets may be caused by faulty firmware on switch devices or encapsulation misconfiguration on trunk ports.

check the duplex settings on switch ports reporting this problem, and the PC or server which is attached to the switch port. If this isn't the cause of the problem, move the PC or server to a different port and see if the corruption continues. If so, swap out the NIC card on the PC or server.

WAN Port High Inbound Errors Cleared

Description

Default severity level

Typical causes

Actions

indicates that the port error rate is now below the high threshold value.

information (green)

port error rate is now below the high threshold value, as alerted by the WAN Port High Inbound Errors alarm.

none.

WAN Port High Inbound Utilization

Description

Default severity level

Typical causes

Actions

indicates that a WAN port (link) is experiencing high levels of utilization (bandwidth usage). This may cause users who are communicating over this area of the network to experience slow application response times.

major (amber)

excessive application traffic.

configuration changes.

if high port level utilization persists, then the link speed may need to be increased to accommodate the extra traffic levels.

WAN Port High Inbound Utilization Cleared

Description

Default severity level

Typical causes

Actions

a WAN Port High Inbound Utilization alarm has been cleared, because the port error rate is now below the high threshold value.

information (green)

reduced application traffic.

none.

WAN Port High Outbound Discards

Description

Default severity level

Typical causes

Actions

indicates that a port is dropping some packets in its transmit buffers even though no errors had been detected to prevent their being transmitted. Packet loss and transmission delays cause end to end application performance degradation, as applications timeout and re-transmit data intermittently

major (amber)

lack of bandwidth on a port.

transmit buffer sizes too small.

use the Ticker tool to check the current outbound port utilization. If this is high, and a historical graph of port utilization reveals that, in general, the link is highly utilized, then more bandwidth may be needed.

WAN Port High Outbound Errors

Description

Default severity level

Typical causes

Actions

indicates that the WAN port is dropping large numbers of packets in its transmit buffers, and/or experiencing severe difficulties transmitting packets out onto the network. Packet loss and transmission delays cause end to end application performance degradation, as applications timeout and re-transmit data intermittently.

use the Ticker tool to check the current outbound port utilization. If this is high, and a historical graph of port utilization reveals that, in general, the link is highly utilized, then more bandwidth may be needed.

WAN Port High Outbound Utilization

Description

Default severity level

Typical causes

Actions

indicates that a WAN port (link) is experiencing high levels of outbound utilization (bandwidth usage). This may cause users who are communicating over this area of the network to experience slow application response times.

major (amber)

excessive application traffic.

configuration changes.

if high port level utilization persists, then the link speed may need to be increased to accommodate the extra traffic levels.

WAN Port High Outbound Utilization Cleared

Description

Default severity level

Typical causes

Actions

indicates the WAN port utilization is now below the high threhsold value.